Restricting a Role to only the direct reports assigned to them

I created a role and assigned the role source (subAdmin permission) to it, so this will allow the assigned user to change the lifecycle state. But how do I restrict this to only the user’s direct reports and not the entire IdentityNow population? What’s the best way to restrict the permission?

Tom, I don’t believe there is currently a way to do this. My suggestion would be to solve this issue not with technology, but a policy/procedure doc for the individuals in question.


Hi Tom,
The “Manager” attribute typically contains the distinguished name (DN) or unique identifier of the user’s manager. You can leverage this attribute to restrict the permission to only the user’s direct reports.
And enable a segment to limit the access, so that the users in the segment can request only those items specified.


Yes, segments seem like the most likely solution here.
