DavidF.37205 (Galaxy Digital) asked a question.
RBAC Challenges
I am in the process of creating Okta custom roles and have run into a situation I am not certain how to maneuver. I have a total of 34 resource sets for a total of 34 teams. The challenge is that a number of the resource sets contain groups that are part of other resource sets and with this, I am at odds as to how I could address the administrative overlap. At this point, I am looking at having multiple people-leaders manage some of the same groups, which is not ideal.
Any suggestions would be highly appreciated.
Hi @DavidF.37205 (Galaxy Digital) , Thank you for reaching out to the Okta Community!
It depends on what kind of organizational restrictions you have and what kind of administrative overlap you are dealing with.
If the admins need to have a general management function over the groups, I think you might need to create new groups for the individual admins to manage and then have the users still be part of the original group by leveraging group rules.
If the admins overlap with the same group but have different responsibilities, perhaps you can leave the group as is and instead create custom Admin roles with granular permission pertaining to their respective duties.
If you have the OIG add-on, maybe you can look into implementing something like Access Requests.
As a last resort, you can open a case to go over the implementation with one of my colleagues from the Support team that can set up a meeting with you and see exactly what your are dealing with.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.
Just released: More Okta Community badges just added