Create a Policy to Get Identities in Roles with value in Metadata

Hi everyone, I need your help creating a policy to detect violations based on a specific requirement.

I want to identify Identities who are members of groups that are included in roles where the group has a metadata value of “High”.
However, from what I understand, it’s not straightforward to query Identities through Roles in this way.

Could you please guide me on how I can achieve this? Any suggestions or alternative approaches are appreciated. Thank you!

Does anyone know the solution?

Hi @fewthiraphat

I believe it is not possible to search the assigned identities based on the role metadata, because it seems like the data model of the accessMetadata does not contain information about the identities assigned to a particular role.

I would suggest making use of a workflow, where you first find the roles based on their metadata attributes and then create a policy in which you include either the role id or the role name in the query field.

@access(id: role1) OR @access(id:role2)

This should be easier to implement in my perspective and you can even have a scheduled workflow for this.

I hope this helps.

Regards
Vikas.

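The two steps Vikas describes (filter roles by a metadata attribute, then assemble an `@access(id:...) OR @access(id:...)` policy query from the matches) can be prototyped outside the workflow engine. The script below is an added example written for this thread, not code from the original post or from SailPoint; the role list is a constructed sample, and the shape of the `accessMetadata` field on each role is an assumption, not SailPoint's documented schema. It also covers two edge cases a practitioner would want handled before the query reaches a policy: an empty match list (an empty clause must not be emitted, since a blank query would match every identity) and a role id that does not look like an id (so nothing in the metadata can inject extra search syntax).

```python
import json
import re
from typing import Iterable, List, Optional

# Constructed sample input: roles as a workflow step might receive them.
# The "accessMetadata" attribute and its keys are an assumption for this example.
SAMPLE_ROLES_JSON = """
[
  {"id": "2c91808a7d1e4b3f017d1f3c6e5a0001", "name": "Finance Admin",
   "accessMetadata": {"Risk": "High"}},
  {"id": "2c91808a7d1e4b3f017d1f3c6e5a0002", "name": "Help Desk",
   "accessMetadata": {"Risk": "Low"}},
  {"id": "2c91808a7d1e4b3f017d1f3c6e5a0003", "name": "Prod DB Owner",
   "accessMetadata": {"Risk": "High"}},
  {"id": "2c91808a7d1e4b3f017d1f3c6e5a0004", "name": "Intern",
   "accessMetadata": {}}
]
"""

# Role ids are opaque identifiers; restricting them to this character set keeps
# the generated search string free of any search operators or quotes.
ROLE_ID_PATTERN = re.compile(r"^[A-Za-z0-9-]+$")


def load_roles(raw_json: str) -> List[dict]:
    """Parse the JSON role list; raises ValueError on malformed input."""
    roles = json.loads(raw_json)
    if not isinstance(roles, list):
        raise ValueError("expected a JSON array of roles")
    return roles


def roles_with_metadata(roles: Iterable[dict], attribute: str, value: str) -> List[dict]:
    """Step 1: keep only roles whose metadata attribute equals the wanted value."""
    matches = []
    for role in roles:
        metadata = role.get("accessMetadata") or {}
        if metadata.get(attribute) == value:
            matches.append(role)
    return matches


def validate_role_id(role_id: str) -> str:
    """Reject anything that is not a plain identifier before it enters a query."""
    if not isinstance(role_id, str) or not ROLE_ID_PATTERN.match(role_id):
        raise ValueError(f"unexpected role id value: {role_id!r}")
    return role_id


def build_access_query(role_ids: Iterable[str]) -> Optional[str]:
    """Step 2: assemble the policy query; None when there is nothing to search for.

    Returning None (rather than "") forces the caller to decide explicitly what
    to do when no role matched, instead of running a query that matches everyone.
    """
    clauses = [f"@access(id:{validate_role_id(rid)})" for rid in role_ids]
    if not clauses:
        return None
    return " OR ".join(clauses)


def high_risk_query(raw_json: str, attribute: str = "Risk", value: str = "High") -> Optional[str]:
    """Run both steps end to end on a JSON role list."""
    matched = roles_with_metadata(load_roles(raw_json), attribute, value)
    return build_access_query(role["id"] for role in matched)


if __name__ == "__main__":
    # Prints the query that would be pasted into the policy's query field.
    print(high_risk_query(SAMPLE_ROLES_JSON))
```

In a real workflow the role list would come from the tenant's role API rather than a JSON literal, and the resulting string is what goes into the policy query field; the only part that needs to be re-run on a schedule is the filtering step, since role metadata can change without the policy being touched.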

Thank you @vguleria, it seems easier to implement. Thank you for your solution!

