Hi Ousmane,
Thanks for your reply. It has helped me find a solution.
I need to create an IDENTITY campaign, not an Access Items campaign (which I was trying before)
Then I can use your query @access(type:ROLE AND revocable:true AND name:*role_xyz*)
Click ‘Certify these identities’
Then I need to refine Access Items and select only the roles that match my role name (in this case: name:*role_xyz*
Click ‘Add to Campaign’ then Continue etc…
It is a pity the identity query doesnt also apply to the access items, that you have to specifically select them. But at least it works.
EDIT: If you create campaign via API, you can use accessConstraintsto specify only the roles you want to include. You need to explicitly put the Role ID’s, and not a query/regex/filter.
Thanks.