Configure & enforce toxic combination based on permissions
complete
R
Rick van den Dijssel
In certain scenarios, it's necessary to establish precedence among permissions in the event of conflicts or to optimize licensing costs by consolidating entitlements. To address this, we utilize toxic combinations, which dictate how conflicting permissions are resolved when multiple entitlements are granted.
Configure a Toxic combination:
- Name: Provide a descriptive label for the rule.
- Description: Briefly explain the purpose and context of the toxic combination.
- Input entitlements: Define the conflicting combination of permissions from one or more systems.
- Output entitlements: Specify the subset of permissions to be retained when the toxic combination occurs.
Benefits:
- Permission Conflict Resolution: Effortlessly configure conflicting combinations of permissions and specify the preferred resolution.
- Overview of Configured Toxic combinations: Easily access and manage all established toxic combination.
- Evaluation Visibility: Clearly indicate actions triggered or caused by toxic combinations during evaluation processes.
- Filtering Capabilities: Streamline analysis by filtering actions based on their association with toxic combinations.
Twan Duvigneau
We just took our first look at the toxic configuration in our tenant, and while we like the fact that we can now solve the license issue. It just feels unnecessary complex, which in turn makes it less flexible to use as well. In our opinion adding 2 new conditions to the default business rule would be much more helpfull. A condition with a dropdown to select a business rule for "Person has to be in rule" and "Person cannot be in rule". In the logic that would have added for in rule: (Business rule conditions) -and (conditions of selected rule) and for cannot be in rule: (Business rule conditions) -and -not (conditions of selected rule). This would have been way less complex to manage, and allowed for more flexibility in the configuration.
G
Grady Koopman
complete
R
Rick van den Dijssel
in progress
R
Rick van den Dijssel
Merged in a post:
Add option to filter on primary contract in business rules
M
Mark Spreeuwenberg
I would like to add the option to filter on primary contract fields in business rules. Use case: with this feature we would be able to select exactly on of the E1, E3 or F1 office license.
R
Rick van den Dijssel
planned
Plannend July release
Twan Duvigneau
We noticed this feature is marked under the governance module in the milestones, however we HIGHLY believe that this should be basic provisioning functionality, this fixes a common problem for license assignment and is the only way customers can guarantee that 1 license is assigned to a person. This is something that is part of the basic implementation provided by the consultants.
Will this be available within the regular provisioning license?
L
Lex van Poppel
YES: we have employees with mutiple contracts which have different licenses. that's toxic. So we only want to look at the primary contract to add a license
Sylvie Boersma
Absolutely! We use HelloID in a care institution where we have a continuous flow of interns advancing in contract. It is an absolute nuisance to discover that the second their contract changes they get stripped of their license and can therefore not access the proper applications. This eats away at their allotted time needed for care giving. Toxic Rules sounds like a proper solution, but it was added to the roadmap over a year ago. I cannot stress enough how welcome this feature would be.
J
Jannie Douma
Same: I would also like this feature added to provisioning for exactly the same reason (M365 license assignment). More information posted on HelloID forum. https://forum.helloid.com/forum/helloid-provisioning/4896-business-rule-condition-to-only-match-the-primary-contract ==> When can we expect this feature?
G
Gary Mulhern
I would also like this feature added to provisioning for exactly the same reason (M365 license assignment). More information posted on HelloID forum. https://forum.helloid.com/forum/helloid-provisioning/4896-business-rule-condition-to-only-match-the-primary-contract
Load More
→