How does this work in practice? Does this mean that permissions are restricted?
Release : 14.3
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
If permissions are assigned via a Group only one item from that group can be selected from that group. However, permissions that exist outside of the group can be selected as well.
This needs some consideration when developing your permissions catalog. Where only one permission can be selected from a list, these permissions can be grouped. If you need to select multiple permissions they should not be grouped.
You could group job titles together as only one in the list can be applied at any given time.
ie. Doctor, Nurse, Health Care Assistant.
or Employment Status.
ie. Full-Time, Part-Time
You would not Group Items where more than one could apply
For example; System Roles where one user might occupy more than one function.
ie. System Administrator, HR User, Backup Operator, Accounts User, Print Operator, Firewall Administrator, etc.
Below are some examples of how this would look in the different IP Views.