Closed jarrod-mg closed 2 months ago
@jarrod-mg As of today, the eligibility policy schema is not very flexible. That might change in the future though. It would require a complete redesign of the policy schema, would need to be thought through carefully and is on our radar.
Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 7 days it will automatically be closed.
Currently, and eligibility policy has three things:
This means, for example, that I can't set up that "developers" can request access for "PowerUserAccess" in the development OU, and "DeveloperAssistDebuggingAccess" in production - without also allowing "PowerUserAccess" in production.
I also can't say that accessing "PowerUserAccess" in development can auto-approve; but "DeveloperAssistDebuggingAccess" in production requires approval.
Is it possible to make the rules more flexible?