Hi Community,
I'm finally posting this question as it's something that has been puzzling me for a while.
As per the docs here
| Assign sn_vul.remediation_owner - Remediation Owner to users and groups. | Users and groups with this role remediate vulnerabilities assigned to them or to a group they belong to. Groups or users with this role view and update the records assigned to them or to a group they belong to. |
In my scenario, this role attribution needs to be faily dynamic, as there are potentially hundreds of groups and user that could be involved in the remediation of a vulnerable item. The assignment logic is based on various factors within the CI entries, and these values could change / new CIs added etc...
I also read this note for a different documentation page:
Note:
The sn_vul.remediation_owner role is also automatically assigned when the itil role is assigned to a user.
If verified, this would quickly address my concern, however I can't find any more details about this automatic role assignment, and how it is actually applied.
When I add the itil role to a user, I don't see the sn_vul.remediation_owner role being automatically attributed, nor do I see any relationship between the two roles on the sys_user_role_contains table.
If somebody could clarify this for me it would be greatly appreciated!
Thanks in advance!
Greg
