Hi,
Requirement -
1. User will have basic Provisioning role with access to basic AD Account and Basic Groups
2. User will be additionally given New Role that will provide access to advanced / more groups.
3. Users can be in any of the OU
Issues -
1. What works - When I try to add second Prov role, it will add Additional groups only if the OU container is same.
2. What Fails - When I try to add second Prov role, it will fail to add Additional groups if the OU container is different as it gives error that account already exists.
3. Also, we have same issue for Oracle Server DB. A developer might have only basic Oracle roles but after a period of time they might become DBA and requires additional role given through Provisioning role. But this fails as it says account already exists.
Work Around For AD groups- We create different roles based on Employment type but that is creating duplicates which client don't like.
Please help with suggestion
Thanks
Cinil.