Hello,
We have a use case in which we want users of our developed end applciation to be able to add new users and manage the access level of those users. We would not like to give those users access to IAM, because there is a possibility we want users from our customers to be able to do this.
We know of the IAM API layer which you can use to:
- Add users to IAM
- Add a new user group
- Assign roles to a user group
We are interested to know how far we can go with this API layer. Can we for example also create a new role in which we can grant access to very specific columns in a table? Or do those roles always have to be predefined in the SF, whereas we can only assign those predefined roles to existing or newly created user groups?
Thanks in advance. If the question needs more clarification please let me know.