Assign One Identity Manager Application Role to a Business Role

Hi All, 

I couldn't find a similar question on the forum or OID documentation. 

I've created a permission group in the designer and assigned it to a Custom/new One Identity Manager Application Role. 

Next step I would like to assign the One Identity Manager application role (AERole) to a Business Role (Org), which is not possible in the Manager. 

Also tried to assign to a system role, failed. 

Any advice?

Thanks

  • You cannot assign business roles (Org) to an application role (AERole). But you can create a dynamic role for the application role that assigns any person assigned to the business role to the application role.


  • Thanks, I wanted to avoid this solution because the customer team user is restricted in the Manager to only use the "BusinessRoles". In this case we need to extend the Manager with "One Identity Manager Administration". 

    Will it be possible in the future releases to assign an AERole to an Org BusinessRole?  

  • I do not understand the use case then. You created the permission group and assigned it to an application role. For that, you didn't use the customer team user, correct? But your customer team user should be able to assign the application role to any business role on request. Correct?

  • I used my SystemUser account to create the permission group and assign the permission group to an AERole. 

    The Customer team shouldn't be able to create a dynamic role for the application role.

    Preferably the customer team user (EmployeeRoleBased) is able to create a business role and directly assign an AERole to a business role through the "Tasks" view in the Manager. Just like direct assignment of an Active Directory group / system roles / resources / devices / subscribable reports etc. to a business role through the "Tasks" view. 

    My first assumption is correct, this is not possible in the current version. 

  • Your assumption is correct. You cannot assign an application role to a business role.

    But what you can do is the following.

    1. Create a dynamic group for the AERole that is based on some extended attribute assigned to the Business Role (ObjectHasExtendedAttribute). The extended attribute needs to be created first of course (Table ExtendedAttribute).

    2. The customer team user then uses the task "Assign extended attribute" to assign the attribute to the business role. The dynamic role will then put all members of the business role into the application role.
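    As an added example (not from the poster and not taken from One Identity's documentation), this is what the membership condition of such a dynamic role for the application role could look like, written as the SQL WHERE clause a dynamic role evaluates against the Person table. The table and column names ExtendedAttribute.Ident_ExtendedAttribute, ObjectHasExtendedAttribute.ObjectKeyElement, Org.XObjectKey and PersonInOrg.UID_Person / UID_Org are assumptions about the schema, and the attribute identifier is a placeholder to be replaced by the extended attribute created in step 1.

```sql
-- Dynamic role condition for the application role (base table: Person).
-- Assumed schema (verify against your One Identity Manager version):
--   ExtendedAttribute.Ident_ExtendedAttribute   name of the extended attribute
--   ObjectHasExtendedAttribute.ObjectKeyElement object key of the object the attribute is assigned to
--   Org.XObjectKey                               object key of the business role
--   PersonInOrg.UID_Person / UID_Org             business role memberships
-- 'AERole-Grant-PLACEHOLDER' stands for the Ident_ExtendedAttribute created in step 1.
UID_Person IN (
    SELECT pio.UID_Person
    FROM PersonInOrg pio
    -- business roles carrying the extended attribute
    JOIN Org o
        ON o.UID_Org = pio.UID_Org
    JOIN ObjectHasExtendedAttribute ohea
        ON ohea.ObjectKeyElement = o.XObjectKey
    JOIN ExtendedAttribute ea
        ON ea.UID_ExtendedAttribute = ohea.UID_ExtendedAttribute
    WHERE ea.Ident_ExtendedAttribute = 'AERole-Grant-PLACEHOLDER'
)
```

    With this construction the extended attribute effectively becomes the grant of the permission group behind the AERole, so the "Assign extended attribute" task on business roles should be available only to the roles that are meant to hand out that permission, and assignments of the attribute (rows in ObjectHasExtendedAttribute for that UID_ExtendedAttribute) are the place to review when auditing who can reach the application role.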
