Business Role removal post role membership attestation

Hi,

I have a requirement to remove a user's membership from dynamically assigned business roles and the underlying AD group post denial of attestation by the Business role owner. As it is a Dynamically assigned role, the entry isn't getting removed from PersonInOrg table. Direct Assignment is getting removed. I'm using the predefined attestation policy for Business role membership.

Please suggest.

  • Coming with version 8.2 you have the ability to exclude persons from the dynamic role definition OOTB.

    Up to then, you would need to either change the dynamic role definition and add something like "AND NOT UID_PERSON IN (......)" (with a list of persons for all excluded ones), or have an exclusion role (another Org for example) at hand that is part of a "Person is not a member of the exclusion role" condition in your dynamic role.
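
The exclusion-role condition described in the reply above, as an added example that is not part of the original thread and not One Identity code. It uses SQLite with simplified stand-ins for the Person and PersonInOrg tables; the `Department` criterion, the sample persons, the `EXCLUSION-ROLE-UID` placeholder and the `deny_membership` helper are assumptions made for illustration.

```python
import sqlite3

# Placeholder UID for the exclusion role (assumption; use the UID from your own database).
EXCLUSION_ORG = "EXCLUSION-ROLE-UID"

# Constructed sample of an existing dynamic role condition.
BASE_CONDITION = "Department = 'Finance'"

# Same condition plus "person is not a member of the exclusion role".
GUARDED_CONDITION = (
    BASE_CONDITION
    + " AND UID_Person NOT IN ("
    + "SELECT UID_Person FROM PersonInOrg WHERE UID_Org = '" + EXCLUSION_ORG + "')"
)

def build_db():
    """Create simplified stand-ins for the Person and PersonInOrg tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Person (UID_Person TEXT PRIMARY KEY, Department TEXT);
        CREATE TABLE PersonInOrg (UID_Person TEXT NOT NULL, UID_Org TEXT NOT NULL);
        INSERT INTO Person VALUES
            ('alice', 'Finance'), ('bob', 'Finance'), ('carol', 'Sales');
    """)
    return conn

def evaluate(conn, condition):
    """Return the persons a dynamic role with this condition would select."""
    sql = f"SELECT UID_Person FROM Person WHERE {condition} ORDER BY UID_Person"
    return [row[0] for row in conn.execute(sql)]

def deny_membership(conn, uid_person):
    """Hypothetical denial step: assign the person to the exclusion role."""
    conn.execute("INSERT INTO PersonInOrg VALUES (?, ?)", (uid_person, EXCLUSION_ORG))

if __name__ == "__main__":
    conn = build_db()
    deny_membership(conn, "bob")              # attestation denied for bob
    print(evaluate(conn, BASE_CONDITION))     # bob still matches the original condition
    print(evaluate(conn, GUARDED_CONDITION))  # bob is dropped on re-evaluation
```

With the unguarded condition a denied person is re-added every time the dynamic role is recalculated, which is why only the direct assignment disappears.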