Task #2863
Updated by Alena Peterová over 3 years ago
Tested on version 11.
By default, the users may delete (cancel) an open role request, in which they are involved:
Example:
* manager adds some role to the user
* there is some error on the system
* both the user and the manager may delete the request
!request_delete.png!
It would be more safe if the user couldn't delete the request, if they didn't create it themselves.
Technically:
Change the userRole: the permission to read role requests in workflow approval: Requests for assigned roles (IdmRoleRequest) | Read, Update, Create, -*Delete*- | RoleRequestByWfInvolvedIdentityEvaluator