Hello,
I have been taking a look at the predefined attestation policies in OIM and have a question. The policy "Business role membership attestation" allows me to attest each role, that has been assigned to an identity individually. I was wondering if there is either a predefined policy, that allows me to attest a role and the assigned roles to this role analogically, or if there is an easy way to maybe create a custom policy, which allows me to do exactly that. Just to clarify, i would like to have a policy, which allows me to attest each 'sub'-role, that has been assigned to a role individually, and, in case of denial, removes this 'sub'-role from the role. I'd be grateful for any advice on how to do that.
Cheers!