Task #388
openfeedback On role remove approving
0%
Description
When there is a quite simple role add approve process as follows:
Helpdesk, User Manager, Manager, WF for each role by criticity level, Security
then for role remove, there is configuration choice of selecting wf to remove role + role attribute checkbox "Approve role remove".
So the role remove process is configured by each role checkbox not by criticality?
Why is that? Use case from known project (and in fact only one that really ever wanted to approve role removal)
criticity 1-3, all have Role add approvers.
criticity 3, only this one has Role remove approvers - Security team
Altogether I think "Approve role remove" is useless and confusing provided that you have the scope of the role (especially criticality) inside the workflow that manages the role removal process (idm.sec.core.wf.role.approval.remove configuration key), so you can decide there based on role criticality.