I have reviewed the integration guide, and clearly, there is an integration scenario where you can have the user creation request originate on IdM, and then have IdM provision some roles, and GRC 10 provision the rest of the roles. Per that guide, this is not the preferred scenario. However, my client wants to do that.
The question is, once GRC 10 has provisioned roles, can IdM deprovision them? In other words, will there be an issue when a user changes positions with the company and IdM is used to change entitlements?
I think not, but I'm having a hard time finding documentation showing that IdM can remove all current role assignments.
Please let me know.
Thanks,
Santosh