Can rules access account data during execution?

In the context of SailPoint Identity Security Cloud, rules are designed to execute logic based on specific conditions or events within the identity management system. During the execution of these rules, access to account data is restricted. This means that rules do not have the ability to access or manipulate account data directly while they are executing.

The rationale for this restriction is primarily centered on maintaining the integrity and security of sensitive information. Keeping rules devoid of access to account data helps to prevent unauthorized modifications or disclosures that could occur if rules were able to view or change this data. This design choice aligns with best practices in identity governance, ensuring that operations remain auditable and that personal or sensitive account information is safeguarded during rule execution.

In this scenario, while rules can trigger actions or evaluations based on data that is already represented in context or state, they do not interact directly with account data, which reinforces a secure and controlled environment.