Hi,
Our requirement says, we need to remove entitlement/app-role/groups access which have not been given via access manager (RSA Aveksa) system, i.e access given directly from the target (back door access).
I have configured a rule "Unauthorized change detection" where it removes ent/app-role/group from accounts.
But I don't want this rule to detect system accounts (admin accounts). How to control this in rule ? as I could not see any filter for accounts level
Looking at the UI, these rules appear to be applied to any/all accounts:
However, could you update the associated workflow to handle the system accounts accordingly (assuming you have a way of identifying these)?