Item level targeting is a key feature in Powerbroker. We use it all the time and would like to see it in PM. Only having targeting on the workstyle is very limiting and will cause us to have to create very many workstyles which will make our policy management very difficult.
We have 2 major use case for this.
We have 100,000+ user and there is always the user that need one-off exceptions. Today in Powerbroker we don’t need to create a whole new bucket for that one user. We just add the rule to his/her current bucket and set an item level target filter to target that user or for a group using an AD group.
When we are working on building some new rules for users we use item level targeting to put pilot the rule to a pilot group. So we can work on something with a few user before we release widely. Then all we have to do to release it is remove the filter.
In PM today we would have to create an entirely new Workstyle for the change. Make sure it falls correctly in the policy precedence for the users we are targeting. Create a new application group. Apply the new application group to the workstyle. Create the new rule for the change then test it. Then copy the rule into the prod application rules then get rid of the extra workstyle and application group.
So it gets very complicated when all we want to do is drop in a new rule to test it.