We have multiple accounts per user that are differentiated by an attribute in AD:
- Normal Accounts
- Service Accounts
- Elevated Accounts
Our mapping is done via employee ID. So if I want to find out which user owns an elevated account (EA), I look up the employee ID associated with the EA and look up the user based on that. We have Employee ID has the mapping in Aveksa, as well.
I would like to do a Group Review on ONLY Elevated Accounts.
Currently the review user selection I have set up is:
But this shows my manager every user I own (normal, service accounts, EA) and all of the groups all of those accounts are on. I understand logically why it does this (because my accounts share the user ID that reports to my manager).
For the purpose of my review, I'd like to ONLY include account_type='EA', and disregard any sort of service account or normal accounts. I'd then like my manager to be able to review the groups my EA accounts are in.
Is this possible?