Is there a way to hide all roles and access profiles (AP’s) in Request Center?
We dont want end users to be able to request access items, but we still need to mark them as requestable, as we provision Roles and AP’s via API.
I thought of creating a segment for all users, that had no access items in it, but alas any access item that is not part of a segment is also shown to users.
We have about 3,400 Roles and AP’s total, and since limit of access items per segment is 50, I would need to create about 70 segments just to put them in. This doesnt seem like the best or manageable solution.
We can add more than 50 items in a segment, the limitation is only to add at once. You can add 50, save them and add another 50 and so on.
I am not sure how you provision roles via API and how many such roles in place. But I had a similar requirement about one role which needs to be requested via workflow based on certain condition, but shouldn’t be visible for other users for request.
So I achieved it by marking the role as non-requestable(but enabled). So, it is always not visible for the users. Inside the workflow that is initiated, I use the PATCH role API to mark requestable to true and in the next step, I would use manage access to request the role to the user and at last call the PATCH role API again to update requestable flag to false.
This way, the role is not requestable for the users, but only used within the workflow when needed. Hope this helps.