Hi all,

...one topic which was probably discussed many times before but I cannot find any article about it...
Old NetIQ IDM is using RBE (Entitlement Service Driver and entitlement policies placed in a driverset). Those policies enable you to define very nice rules for entitlement assignment. E.g. user is member of the group “group01” and the attribute “customAttribute01” is set to “TRUE”, then assign role and get entitlement.
RBPM does not allow something like this. Or I am not aware about it. We can assign roles only to users, to groups or to containers.

Any idea how to achieve similar functionality in RBPM?
My first idea – dynamicGroups. We just need to take memberQueryURL from the policies, define new dynamicGroups with the same filter and allow dynamicGroups in UserApplication. But dynamicGroups are quite tricky and probably, it is not the best idea.

Regards,
Milan