We use the Roles and Resources driver.
Now I have a use case where I would like several Lv20 roles to grant the same Entitlement or, respectively, the same group membership.

Why many roles? Because the admin of organizationalUnit 1 is not allowed to edit the members of organizationalUnit 2.
So every unit gets its own role, i.e. org1_groupMembership_A, org2_groupMembership_A, and so on.
This role must now somehow resolve to groupMembership_A in the application.

Possibility 1)
'n' roles grant Entitlement 'A', and this resolves to groupMembership_A.

Possibility 2)
Another possibility could maybe be several entitlements (Entitlement_Unit1, Entitlement_Unit2, Entitlement_Unit3,...) granting the same group membership (groupMembership_A).

Does one of these possibilities work 'out of the box', without any customized policies or a new service driver?
If there is a possibility, what are the steps to implement it?