
Separation of Duties - Ideas or Experience


Hi All. Any ideas for the following scenario?


  • We have 10 departments and each department has a unique manager e.g. Manager1 to Manager10
  • Active Directory groups are synced with the MIM portal and we have a group for each department e.g. RoleGroup1 to RoleGroup10 for Department1 to Department10 respectively
  • So Manager1 is an owner of RoleGroup1 for Department1 and the manager will use MIM portal to add/remove members as they join/leave their team
  • Users regularly move between these 10 departments but membership to more than one of the department RoleGroups creates a toxic combination of permissions that we must avoid
  • Our goal is to allow the managers to add users to their RoleGroup and automate the removal of the user from their previous RoleGroup


The question is how can we achieve this? Do we need to create additional resources and/or attributes? Can we do it all via MIMWAL? Do we need to run PowerShell scripts with the Lithnet module? If the number of RoleGroups grows, does the solution scale nicely?


Any thoughts would be appreciated, cheers.

Dan
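The core of the scenario above is a mutual-exclusion rule over a set of groups: adding a user to one department RoleGroup must remove them from every other RoleGroup in the set, while unrelated groups stay untouched. The following is an added example, not code from the thread or from MIM, MIMWAL or the Lithnet module; it models the rule in plain Python over constructed sample data (an in-memory `GroupDirectory` standing in for the synced AD/MIM groups, and ten `RoleGroupN` names). It shows both halves a practitioner usually wants: an audit that finds users already holding a toxic combination, and a move operation that computes and applies the removals and reports them for logging. Wiring the same logic into a MIMWAL workflow or a Lithnet-based script is a separate step and is not shown.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed example: the ten mutually exclusive department role groups from
# the scenario. Any group outside this set (e.g. an "AllStaff" group) is not
# subject to the separation-of-duties rule and is never touched.
EXCLUSIVE_ROLE_GROUPS: Set[str] = {f"RoleGroup{i}" for i in range(1, 11)}


@dataclass
class GroupDirectory:
    """In-memory stand-in for the group objects MIM exposes after AD sync."""
    members: Dict[str, Set[str]] = field(default_factory=dict)

    def memberships_of(self, user: str) -> Set[str]:
        return {group for group, users in self.members.items() if user in users}


def build_sample_directory() -> GroupDirectory:
    # Constructed sample state: alice already sits in two department groups,
    # which is exactly the toxic combination the scenario wants to prevent.
    return GroupDirectory(members={
        "RoleGroup1": {"alice", "bob"},
        "RoleGroup2": {"carol"},
        "RoleGroup3": {"alice"},
        "AllStaff": {"alice", "bob", "carol"},
    })


def find_toxic_combinations(directory: GroupDirectory,
                            exclusive: Set[str] = EXCLUSIVE_ROLE_GROUPS) -> Dict[str, List[str]]:
    """Audit: return every user who holds more than one exclusive role group."""
    holdings: Dict[str, Set[str]] = {}
    for group, users in directory.members.items():
        if group not in exclusive:
            continue
        for user in users:
            holdings.setdefault(user, set()).add(group)
    return {user: sorted(groups) for user, groups in holdings.items() if len(groups) > 1}


def plan_move(directory: GroupDirectory, user: str, target_group: str,
              exclusive: Set[str] = EXCLUSIVE_ROLE_GROUPS) -> List[str]:
    """Compute which exclusive groups must be dropped when adding user to target_group."""
    if target_group not in exclusive:
        raise ValueError(f"{target_group} is not one of the mutually exclusive role groups")
    current = directory.memberships_of(user) & exclusive
    return sorted(current - {target_group})


def apply_move(directory: GroupDirectory, user: str, target_group: str,
               exclusive: Set[str] = EXCLUSIVE_ROLE_GROUPS) -> List[str]:
    """Add user to target_group and remove them from every other exclusive group.

    Returns the groups the user was removed from so the caller can log the change;
    an empty list means the user was already only in target_group.
    """
    removals = plan_move(directory, user, target_group, exclusive)
    for group in removals:
        directory.members[group].discard(user)
    directory.members.setdefault(target_group, set()).add(user)
    return removals


if __name__ == "__main__":
    d = build_sample_directory()
    print("toxic before:", find_toxic_combinations(d))
    print("bob -> RoleGroup2, removed from:", apply_move(d, "bob", "RoleGroup2"))
    print("alice -> RoleGroup2, removed from:", apply_move(d, "alice", "RoleGroup2"))
    print("toxic after:", find_toxic_combinations(d))
```

Because the rule is expressed over a set of group names rather than a fixed pair, adding an eleventh or fiftieth RoleGroup only means extending `EXCLUSIVE_ROLE_GROUPS`; the move and audit logic does not change. Running the audit on a schedule alongside the move logic catches memberships that were changed outside the portal.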

