Assign Group to elevated account only.

Ok so we have a number of Account Definitions for different classes of accounts, standard and elevated accounts.

The same is defined for groups. In which case, only elevated accounts should be allowed to be added to elevated groups. Similarly for regular groups.

How do I define what accounts can be added to which groups when assigning a resource to a person record, to ensure that only the appropriate class of users from the account definition is assigned to the appropriate class of group?

For instance, if I have elevated groupA and assign it to a person record with standard account definition A, and elevated account definition A, how do I make sure that the elevated groupA is only assigned to the AD account associated with account definition A?

So far everything is working terrific, but I am a little off on how I should be thinking about this.

Thanks!

We are labbing this up in OIM 7.1 SP1. Any insights would be greatly appreciated.

  • Please have a look at the below section in the Target System Base Module Administration Guide. I have been able to accomplish this by the use of Categories. This helps selectively apply groups only to specific accounts when the categories match.

    Group Inheritance Based on Categories (please also see the Related Topics at the bottom of the page)
    support.oneidentity.com/.../21
  • There is also the concept of subidentities. Look through the documentation, including the Identity Management Base Module Administration Guide for more information.

    A subidentity allows you to set up special cases in One Identity Manager. If an
    employee has several user accounts in one target system that must be assigned to different
    groups, create a separate subidentity for each user account with a link to the main identity.