This update restores the visibility of direct permissions (like those found in RACF, Oracle DB, and Atlassian Suite) within the Account Details and Certification UIs. It’s a “quality of life” fix for admins and reviewers who previously had to use workarounds to see these assignments.
This is a capability enhancement to the existing Account details experience
Description
We are restoring visibility of direct permissions in Identity Security Cloud so admins and reviewers can more easily understand what access is assigned directly to an account.
This visibility is now available in both the Account Details UI and the Certification UI (Access Reviews), helping teams make faster and more confident access decisions.
Problem
During modernization of the Account Details experience, the direct permissions section from the previous UI was unintentionally removed.
As a result, customers had to rely on alternate workflows to validate direct account access, which added friction especially for teams managing high volumes of direct assignments
Solution
We have restored direct permission visibility so customers can again review direct assignments in context.
What’s included:
- Account Details UI: Direct permissions are shown in the Permissions tab with details such as Target and Rights.
- Certification UI (Access Reviews): Direct permissions are also available during certifications, so reviewers can evaluate direct access while making review decisions.
- Configuration support: For connectors that support it, ensure Include Direct Permission is enabled in the account schema so this data is aggregated and visible.
Initial validation has been completed for:
- Mainframe IBM RACF (Read-only)
- Mainframe Top Secret (Read-only)
- Oracle Database
- Atlassian Suite Cloud SaaS and VA
Who is affected?
This update is most relevant for:
- Identity Security Cloud admins who need quick account-level visibility into direct access
- Certification reviewers and governance teams performing access reviews
- Customers using direct-assignment-heavy sources (including mainframe and database environments)
- Organizations migrating from IdentityIQ and expecting similar visibility in ISC workflows
Action required
For most customers, no immediate action is required to benefit from this UI restoration.
To ensure direct permissions appear for your sources:
- Confirm your connector supports direct permissions
- Enable Include Direct Permission in account schema (where applicable)
- Run account aggregation to bring updated permission data into ISC
If direct permissions are not visible, review connector configuration and schema settings for that source.
Important dates
- Sandbox Environments: This feature should already be available for testing, as it launched on March 23, 2026.
- Production Environments: Rollout to production is in progress and will be complete by April 2, 2026.
FAQ
Q: Where can I see direct permissions now?
You can view them in both the Account Details UI and the Certification UI during access reviews.
Q: Which connectors are verified?
Initial validation includes RACF (Read Only), TSS (Read Only), Oracle DB, and Atlassian Suite – Cloud.
Q: Do I need to do anything?
Usually no major change is required. If your source supports it, make sure Include Direct Permission is enabled and run aggregation.
