TejaswiniM.43647 (Customer) asked a question.
how to reduce the number of groups creation with custom claims with group membership
I have followed below steps to add attributes to the user app profile.
This can be achieved with group membership but group proliferation occurs.
example: Few Users need to have to "read" access to the application. Few need to have "Read and write" access. These is causing increase in groups as we have 10 claims. Where in different users need to have different level of access to the application
Is there a better way to achieve. will it be achieved with workflows?
@TejaswiniM.43647 (Customer) --
I am not really sure of exactly what you are trying to accomplish but it is effectively looks like a form of RBAC.
Would it be possible to create something in Workflows to perform the logic to make the determination? Probably. You would need to be able to feed in what ever the inputs are that you need to evaluate based on some met condition. You would also need to have built out / tested the evaluation logic to ensure it always returns the expected values based on the provided inputs. Once the logic has determined the appropriate values you should be able to update the users app profile with the returned values.
This definitely reads like a high complexity situation in which you would either need to build it out yourself or work with your Account Executive and discuss a Professional Services engagement. Where the whole project could be scoped out, designed, built, and tested.
maybe you can add scope in oauth scope, then assign different user with different scope in the claim rule. then check the scope in your application.