Which IIQ version are you inquiring about?
IIQ 8.4
Question
Is there any way to mark or flag an entitlement to prevent any members to be added or removed from it.
IIQ 8.4
Is there any way to mark or flag an entitlement to prevent any members to be added or removed from it.
@Lukkah
Are you looking from only manage Access or even from API it shouldn’t possible
There is no direct way you can do this, if its from manage access make it non-requestable
Thanks for the answer, I have tested to make it non-requestable without any success. Could one solution be to change the permission for the IIQ user to Read-Only on the actual Active Directory group?
Making it non-requestable should work
Another approach is write a advanced SOD policy and within the policy rule check for users existing entitlements and future access, if you see this entitlement in the difference throw an SOD exception, this way you can stop any membership change on this entitlement
Take a look at below link for example rule
@Lukkah as the addition and removal can be completed by multiple way , API, someone used in Bundle, some other quicklink and all.
Best way to handle everything is to remove that attribute request from before provisioning rule of the application, it will take care everything.
Also if you want to handle the same from target side., like there may be chance someone added in target then use native change send revert plan make sure setting source or some other attribute which says this removal came from native change so u can by pass your before provisioning rule for removal from native chnage