Previous Topic: Create a Preventative Identity PolicyNext Topic: Workflow and Preventative Identity Policies

Use Case: Preventing Users from Having Conflicting Roles

Forward, Inc. wants to prevent its employees from having the User Manager role and the User Approver role at the same time. Employees who have both of these roles can modify user attributes, such as salary, and approve them inappropriately.

To prevent this situation, Forward, Inc. creates a preventative identity policy that applies to users who have the User Manager and User Approver Roles. If an administrator attempts to give these roles to a user, CA Identity Manager rejects the task submission and displays a message that explains the violation.

You configure a preventative identity policy to support this use case as follows: