It is possible to give access to Incidents on DLP to AD authenticated users based on various attributes. However, each of these users needs to be defined and added to a fixed pre-defined role. This becomes a challenge for very large organizations with 100K+ users, which require a highly scalable workflow. A typical example is a large System Integrator servicing 1000s of customers and requiring an equal number of policies. It is desired to be able to define a default role which an AD authenticated user will fall back to if the user is not added to a specific role. This way the need to create individual users on DLP can also be eliminated, and only those users that require special access can be created.
The other feature which is highly desired is to have dynamic incident access in roles. As of now, Incident access can be based on fixed attributes defined through attribute name and value pairs. This can be enhanced by allowing query-based dynamic attributes, especially for attributes which come from AD. For example, allow access if the user belongs to the same department or if the user is a direct report.
These two features combined can give the ability to have highly scalable workflows for very large and complex organizations. Some of the possibilities are:
- Ability for second level managers to release quarantined email using quarantine connect.
- Ability for all project leads in a large SI to look at the Incidents.