How to Certify Access Granted via Access Requests (Not Roles) in SailPoint ISC

Is it possible in ISC to generate an access certification that specifically targets access granted via access requests?

In my setup, access for a particular source is primarily assigned through roles. However, I have also allowed users to gain access through access requests, mainly for individual entitlements and access profiles.

My requirement is to generate an access certification that reviews only the access that was granted through access requests (i.e., request-based assignments), rather than role-based access.

Has anyone implemented this, or can advise on the recommended approach (e.g., certification type, scoping, or filters) to achieve this in ISC?

Hi @PaulKns2 ,

You can try adding metadata for entitlements, something like "requestable entitlement", and tags for access profiles, such as "requestable access profiles".

And try creating a campaign based on the metadata and tags.

Another approach would be to use requestable true in the query.

Reference: Certification campaign only on manually requested rights

I think this is what you are looking for

See here: Certification Campaign - Filter out birthright users for Role Review - #5 by jrossicare

Hi @PaulKns2 ,

Could you please try generating a campaign from search using @access("entitlement" "accessProfile"), then refine the access items and select only access profiles and entitlements.

Hope this helps.

Kind regards,

Aayush


You can use a search-based campaign and handle it there.

I have tried to generate the certification using this query; however, I'm unsure of the accuracy of the query.

attributes.cloudLifecycleState:"ACTIVE" AND @access(source.name:"Source" AND type:(ENTITLEMENT OR ACCESS_PROFILE) AND (standalone:true OR revocable:true))

Hey @PaulKns2 ,

Did the preview match your expectations?

Or, I would say, try batch testing your query where you know the expected output as per your tenant.


I'm currently reviewing the returned identities. Now, @AsGoyal, the unclear part is that the query retrieves all identities on the source, so my concern is whether the filtering logic correctly includes only identities that have non-role access items. Or does this imply that all identities on the source actually have standalone access other than the assigned role?

Hey @PaulKns2 ,

Ideally, access items which are not directly provisioned, like those in the form of roles, will not appear in the certification campaign if you raise an access item certification. Review the generated preview, and feel free to DM me about it.

Sure @AsGoyal , Thanks.
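
One way to run the batch test suggested in the thread offline, as an added example that is not part of the original posts or SailPoint's code: it applies the conditions of the posted query to constructed identity documents and reports which access items caused each identity to be returned. The document shape, the sample identities and the reading of `standalone`/`revocable` as "directly assigned" are assumptions taken from the query itself.

```python
# Constructed sample identities, not tenant data. The document shape is an
# assumption; field names are the ones used in the query from the thread.
def ident(name, state, *access):
    return {"name": name, "attributes": {"cloudLifecycleState": state}, "access": list(access)}

def item(kind, name, source=None, **flags):
    return {"type": kind, "name": name, "source": {"name": source}, **flags}

IDENTITIES = [
    # Role only: the entitlement came with the role, so standalone is False.
    ident("alice", "active", item("ROLE", "Finance"),
          item("ENTITLEMENT", "gl-read", "Source", standalone=False)),
    # Role plus one directly requested entitlement.
    ident("bob", "active", item("ROLE", "Finance"),
          item("ENTITLEMENT", "gl-read", "Source", standalone=False),
          item("ENTITLEMENT", "vpn-admin", "Source", standalone=True)),
    # Requested access profile.
    ident("carol", "active", item("ACCESS_PROFILE", "Reporting AP", "Source", revocable=True)),
    # Standalone entitlement, but on a different source.
    ident("dave", "active", item("ENTITLEMENT", "hr-view", "HR", standalone=True)),
    # Inactive identity.
    ident("erin", "inactive", item("ENTITLEMENT", "vpn-admin", "Source", standalone=True)),
]

def item_matches(it, source_name):
    """Conditions inside @access(...): all must hold on the same access item."""
    return (it["source"]["name"] == source_name
            and it["type"] in ("ENTITLEMENT", "ACCESS_PROFILE")
            and (it.get("standalone") is True or it.get("revocable") is True))

def evaluate(identities, source_name):
    """Return {identity name: [matching access item names]} for returned identities."""
    hits = {}
    for doc in identities:
        if doc["attributes"]["cloudLifecycleState"].upper() != "ACTIVE":
            continue  # outer condition; case-insensitive match is assumed
        matched = [it["name"] for it in doc["access"] if item_matches(it, source_name)]
        if matched:  # one matching item is enough to return the identity
            hits[doc["name"]] = matched
    return hits

def batch_test(identities, source_name, expected):
    """Compare returned identities with a hand-built list: (missing, unexpected)."""
    got = set(evaluate(identities, source_name))
    return sorted(set(expected) - got), sorted(got - set(expected))

if __name__ == "__main__":
    print(evaluate(IDENTITIES, "Source"))
    print(batch_test(IDENTITIES, "Source", ["bob", "carol"]))
```

In this model an identity is returned as soon as one access item satisfies every condition, so the per-identity item list is what to compare against the campaign preview.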