Role has the following Access Profiles
Access Profile A
Access Profile B
Access Profile C
I assigned a user this role via access request (the role has no membership criteria). I then created an access item certification campaign for Access Profile B. The user is not included in this campaign, assuming because the access profile is assigned by the role?
Is this by design? If so, this is kind of disappointing because we have access that must be reviewed periodically, but we also want to be able to include that access as part of a role so that users can request a single bundle of access.
We faced similar situation where we had a requirement to have a fine gain control over the entitlements included in the access profiles along with the said access profiles.
If the Certifier removes the individual access item, then do user really have that Access? SailPoint will need to remove the grouping of access and assign them remaining access items.