I'm working with a customer who has a requirement to update collected Application app-roles with a classification (custom attribute). This classification will then be used in downstream processes later on.
To enable the team to update the App-Role attribute, they've been granted the 'Application : Edit All' entitlement within the Aveksa application. Although this works, it also provides significantly more access than required and the customer is concerned this could lead to mistakes/errors.
From some quick tests I've run, Application : Edit All provides the end user with access to edit all of the tabs within an application (per below).
The customer requirement is for the end user to have the ability to only Edit the App.Roles within What Access, but View Only on everything else.
I was hoping this could be achieved using the Scope Filter within a Security Context file, but having looked in to this further, I'm now not so sure.
Has anyone delivered a similar requirement, or have any idea if this is possible or not using Security Context?
Thanks in advance,