Hi,
I've got the challenge that we're trying to implement a SoD model where the identity inherits a SoD tag (extended attribute) from its department.
Now every system role we use also has a SoD tag (extended attribute) assigned. I now need a rule that checks in the ITShop whether the combination of those tags is allowed (green), prohibited (red) or exception approval relevant (yellow).
I did get it working, using Identity Audit rules and the method CR in the ITShop Approval workflow.
My problem is now that if a user gets an exception approval for one specific order of a system role, the next order he places for the same SoD combination does not trigger the exception approval anymore.
But I do want it to be triggered by every order.
Can someone help me to maybe re-design the Identity Audit query or something, to get this working?
Thanks in advance,
Andy