Lets assume that we have two applications and they involve app roles and accounts. In addition, afx connectors are defined with related capabilities which are shown at below figures and assigned to applications. Capabilities are same for each application but their queries are different. We independently create user access review for each of them. When we select revoke action in user access review, “remove application role from an account” is successfully worked.
Now the actual problem is that what will happen when we create one Role and put users, first application’s app roles and second applications’s approles inside of the Role. As far as i understand, if we want to trigger connector from Role flows, this time we need to assign connector to Role set (I tested without assigning a connector to role set as a result connectors were not worked. When i assign first application's connector to role set, “Add Application Role to an Account” is successfully worked for first application) but the problem is that we have two applications and role set allows us to assign only one Afx connector. Therefore, system can not trigger both connectors.
In summary, system should decide to execute first or second application’s Afx connector according to Role’s data changes. For example, i added one user, two app roles from first application and five app roles from second application. According to this scenario, “Add Application Role to an Account” action must trigger for each application’s connector.
What are your suggestions?