Symantec IGA

  • 1.  Pre-submission logic to restrict access roles

    Posted Feb 17, 2020 02:32 AM
    We have a use case where users are limited to one access role at a given time.
    This business requirement is to force users who are transferring departments to remove their original access role prior to being added to a new one.

    Our access roles are defined in the modify user task as of present; as such, the only change required is to add the logic to throw an error if a manager attempts to add another access role to a user when they have an existing one.

    How can this be accomplished in IDM?

    All the best,
    D.Greene.


  • 2.  RE: Pre-submission logic to restrict access roles
    Best Answer

    Broadcom Employee
    Posted Feb 17, 2020 10:32 AM
    Depending on how you are setting membership, you can choose to have a constraint like the %admin_role_constraint%. For the admin role it is set to multi value; you could set the access role to a single value attribute.

    Another way is screen field validation that does not allow for submit of the access request if the attribute is already populated, meaning that you have to modify the user, delete the value, then you can request other access.

    Bill Patton

    ------------------------------
    And, as always, perhaps there are others in the communities who have experience in doing this, and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------