Attributing permissions from the same permissions group
search cancel

Attributing permissions from the same permissions group


Article ID: 207628


Updated On:


CA Identity Suite


The CA Identity Manager (IM) Product Documentation states "Permission can be grouped in a group of permissions. Grouping permissions together means they are mutually exclusive (only one can be selected during access request). The target user (that is, the user for whom the request is made for) may have only one of those permissions."


Release : 14.3



If permissions are assigned via a Group only one item from that group can be selected from that group.  However, permissions that exist outside of the group can be selected as well. 

This needs some consideration when developing your permissions catalog.  Where only one permission can be selected from a list, these permissions can be grouped.  If you need to select multiple permissions they should not be grouped.

For example:

You could group job titles together as only one in the list can be applied at any given time. 

ie. Doctor, Nurse, Health Care Assistant.

or Employment Status.

ie. Full-Time, Part-Time

You would not Group Items where more than one could apply

For example;  System Roles where one user might occupy more than one function.

ie. System Administrator, HR User, Backup Operator, Accounts User, Print Operator, Firewall Administrator, etc.


Below are some examples of how this would look in the different IP Views.


Portal View


Catalog configuration.