We recently implemented a Segregation of Duties (SOD) policy in our environment. As part of this process, certain roles (e.g., Role A and Role B) are in conflict and should not be assigned to the same user simultaneously. If both roles are assigned to a user, a policy violation is triggered and sent to the violation owner. The owner then decides if the conflicting roles are necessary.
Here’s our requirement: If the violation owner approves the conflicting roles, the approval should be valid for a maximum of 6 months. Currently, when the default exception duration is set to 6 months, it locks the period for exactly 6 months from the approval date. However, we want the flexibility to set an exception period within these 6 months (e.g., ending in 3 or 4 months from the approval date, based on business needs).
How can we implement this functionality to allow setting custom exception periods within the 6-month limit?
If we default exception duration is set to 6 months, it locks the period for exactly 6 months from the approval date(attached snapshot). However, we want the flexibility to set an exception period within these 6 months We cannot select the date in-between these 6 month.
If we “Enable Allow Exception Popup ” this will allow approval to set any custom date, but we want max date should be six month and flexibility to set an exception period within these 6 months only
