Policy violation needs to be checked for pending access request

For policy violations in SailPoint IIQ, it does not look for pending requests for the conflicting role. Is there a way to customize it to look for the pending requests raised by the user?

Yes, you can use an Advanced Policy and search for pending requests that would cause a violation.

Or you can implement a subsequent policy violation step within your LCM Provisioning workflow to check for violations after requests have been approved, before provisioning.


Hi @PearlyneMRC,

It depends on your requirement.

If you need this for one or two policies, then you can use an Advanced Policy.

But if you need this at the framework level, where your existing policies also start checking, then I would suggest looking into the “Identity Request Violation Review” workflow to see if we can customize there.

Just an idea; explore it. We can discuss further if needed.

Hi there!

This is by design. As the access is not yet “realized”, the risk isn’t either.

You could customize it to check, but it will trigger a conflict after the approval happens.

@PearlyneMRC Have you tried creating the Advanced Policy? You might want to create a configurable policy with all metadata stored in an external object like a Custom object, which you can use further to extend for any apps and applications.

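One way the Advanced Policy approach suggested in this thread could look, as an added example that is not from any of the posters or from SailPoint: a BeanShell policy rule that combines the roles an identity already holds with roles in its still-executing access requests and raises a violation when a pending role completes a conflicting pair. The role names are hypothetical, and the assumption that role requests appear as `assignedRoles` items on application `IIQ` should be checked against your IIQ version.

```java
import java.util.*;
import sailpoint.object.*;

// Hypothetical SoD pair; replace with the roles your policy covers.
String ROLE_A = "AP Invoice Entry";
String ROLE_B = "AP Payment Approval";

// Roles the identity already holds.
Set held = new HashSet();
if (identity.getAssignedRoles() != null) {
    for (Bundle b : identity.getAssignedRoles()) held.add(b.getName());
}

// Roles in access requests for this identity that have not finished executing.
QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.eq("targetName", identity.getName()));
qo.addFilter(Filter.eq("executionStatus", IdentityRequest.ExecutionStatus.Executing));
Set pending = new HashSet();
for (IdentityRequest req : context.getObjects(IdentityRequest.class, qo)) {
    if (req.getItems() == null) continue;
    for (IdentityRequestItem item : req.getItems()) {
        // Assumption: a role request is an "Add" of assignedRoles on application "IIQ".
        if ("IIQ".equals(item.getApplication())
                && "assignedRoles".equals(item.getName())
                && "Add".equals(item.getOperation())
                && item.getApprovalState() != WorkItem.State.Rejected) {
            pending.add(String.valueOf(item.getValue()));
        }
    }
}

// Raise only when a pending request contributes to the conflicting pair;
// a pair that is already fully held is left to the existing SoD policy.
Set effective = new HashSet(held);
effective.addAll(pending);
if (effective.contains(ROLE_A) && effective.contains(ROLE_B)
        && (pending.contains(ROLE_A) || pending.contains(ROLE_B))) {
    PolicyViolation v = new PolicyViolation();
    v.setActive(true);
    v.setIdentity(identity);
    v.setPolicy(policy);
    v.setConstraint(constraint);
    v.setStatus(PolicyViolation.Status.Open);
    v.setDescription("Held and pending access together contain both " + ROLE_A + " and " + ROLE_B);
    return v;
}
return null;
```

The rule relies on the `context`, `identity`, `policy` and `constraint` variables that IIQ passes to a policy rule, so it runs only inside IIQ.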