Identity Audit - SoD for multiple roles

Hi,

i got the challenge, that we´re trying to implement a SoD-model where the identity inherits a SoD-tag (extended attribute) from it´s department.

Now every systemrole we use also has a SoD-tag (extended attribute) assigned. I now need a rule, that checks in the ITShop, if the combination of those tags is allowed (green), prohibited (red) or exception approval relevant (yellow).

I did get it working, using Identity Audit rules and the method CR in the ITShop Approval workflow.

My problem is now, that if a user gets an exception approval for on specific order of a system role, the next order he places for the same SoD-combination now does not trigger the exception approval anymore.

But I do want it to be triggered by every order.

Can someone help me to maybe re-design the Identity Audit query or something, to get this working?

thanks in advance,
Andy

Top Replies

kastenhuber marco 3 months ago +1

Hi Andy,

unfortunately I can't see the workflows...

Why not solve it via different stores - so that users can only see what they are authorized for? You can easily put a product in several stores as…

0 kastenhuber marco 3 months ago

Hi Andy,

unfortunately I can't see the workflows...

Why not solve it via different stores - so that users can only see what they are authorized for? You can easily put a product in several stores as standard.

Cheers
Marco
Cancel
Up +1 Down

Reply

Verify Answer

Cancel
0 Andy Britt 3 months ago in reply to kastenhuber marco

Hi Marco,

that´s what we do. But the users are authorized to request those products.
They just need to be exception-approved every request.

regards,
Andy
Cancel
Up 0 Down

Reply

Verify Answer

Cancel