We have one application, that is configured with webservice connector, so in this application there are two different types of accesses like group(departments) and roles. the groups(departments) are different, and roles are same for each group(departments). for example, group1 and role1 is one access profile and group1 and role2 is one more access profile, if we create same for other groups like group2 and role1, group2 and role2, if user have group1 and role1 access profiles, again we are requesting group2 and role1 access profile only group2 is trying to add to user but role is not. if we request group1 and role2 access profile only role2 is triggering to add, group1 is not. can any one suggest how to achieve this type of access model with ISC.
One approach could be to store the group-role combinations as entitlements instead of separately storing each group and each role? This is because ISC will identify that a user already has Group2, so it cannot be assigned again.
So you’d have the following entitlements:
Group1-Role1
Group1-Role2
Group2-Role1
Group2-Role2
You could probably accomplish this with a after operation rule.
You want to request for additional entitlement which is not part of your Role that is being assigned, if yes then simple access request is not working for you?
If I am missing any specific part of use-case, then let me know.
Thank you for your quick response. Actually, we have department and role combination to add access profiles, this access profile contains group(department) entitlement and role entitlement. am also observed the same. if user have same role or department entitlement, if we requested the same, it is not working.
After the groups operation is finished, you can have the after operation rule trigger so that it calls directly to the Roles API and using some beanshell logic define a map that contains the group-role combinations that could be made.
Alternatively, you could setup the Group and Role HTTP operations as a parent-child aggregation, where you input the result of group 1 into the aggregation of the Roles and then return those back as a combination. You’d need to use a rule for that as well though.