I currently have a use case where I have a role set with let's say 600 roles. This role set consists of roles that have a read and write version. For example I have 'Role A - Write' and 'Role A - Read', this combination will always exist for all roles in the role set. However here comes the kicker, a user is never allowed to have the role combination of 'Role A - Write' and 'Role A - Read', however the user is allowed to have 'Role A - Read' and 'Role B - Write'.
Visual overview of this:
In the SoD rules we can configure two entitlement sets that will cause a violation, however as I have 300+ possible 'forbidden' combinations I don't want to configure 300 SoD rules to make certain we keep this in control for all these roles.
My question for you is, do you know of any way we might make this more dynamic? It doesn't have to be using SoD's functionality, membership rules or user access rule based solutions are also welcome.
I'm looking forward to hear from you!
Kind regards, Tim