Details
-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
Description
We have apps that are multi-campus, and many that are not. We would like to prevent some apps from setting up a provisioning target to the "wrong" campus. For example, if I have an LDAP target called "Urbana", I would like to only allow the ability to provision to that target from a special group of admins. Multi-campus app admins might have access to multiple targets and that's OK. I sort of do that now by only permitting a group to have access to the "etc:pspng:provision_to" attribute, however I cannot limit the values that are input so it's "all or nothing". I'm hoping the new provisioning framework could provide a level of access control, not only to provision at all, but to only allow certain targets.