Hi,
Our requirement says, we need to remove entitlement/app-role/groups access which have not been given via access manager (RSA Aveksa) system, i.e access given directly from the target (back door access).
I have configured a rule "Unauthorized change detection" where it removes ent/app-role/group from accounts.
But I don't want this rule to detect system accounts (admin accounts). How to control this in rule ? as I could not see any filter for accounts level
Looking at the UI, these rules appear to be applied to any/all accounts:
However, could you update the associated workflow to handle the system accounts accordingly (assuming you have a way of identifying these)?
Hi Clive Morrish,
Yes, I do agree we can control this in workflow. However we may need to control this in all the workflows (In future workflow as well).
I am wondering to control it in generic place (like in attribute or rule) so change is not required in workflow.
Any thought please ?
Looking at the UI, these rules appear to be applied to any/all accounts:
However, could you update the associated workflow to handle the system accounts accordingly (assuming you have a way of identifying these)?