IGA Use Cases: Access certification
1. All user assignments should be displayed in certification.
Only the roles that are directly assigned are displayed in the certification campaign. But business roles are providing access to multiple applications that is not explicitly displayed.
To make better decision during the access review, the person who certifies user’s access needs to see all assigned roles together with application these roles provide access to. He should obtain the same information that is described in the use-case What is the access of the user.
Of course, indirectly assigned attributed can’t be removed individually. But it must be visible in UI what is "the source" of the indirect assignment. E.g. the person who certifies user’s access shall see that the role AppRoleXY providing access to application XY is indirectly assigned because of assignment of role BusinessABC
Sometimes the amount of indirect assignments may be overwhelming - especially when person already knows the business role details. Functionality, that hides/displays indirect assignments on demand would be helpful.