Restricting a Role to only the direct reports assigned to them

I created a role and assigned the role source (subAdmin permission) to it, so this will allow the user assigned to change the lifecycle state. But how do I restrict this to only the user’s direct reports and not the entire IdentityNow population? What’s the best way to restrict the permission?

Tom, I don’t believe there is currently a way to do this. My suggestion would be to solve this issue not with technology, but a policy/procedure doc for the individuals in question.

2 Likes

Hi Tom,
The “Manager” attribute typically contains the distinguished name (DN) or unique identifier of the user’s manager. You can leverage this attribute to restrict the permission to only the user’s direct reports.
And enable a segment to limit the access, so that the users in the segment can request only those items specified.

2 Likes

Yes, segments seem like the most likely solution here.

1 Like