Hi Colleen, hi Madhu,
yes - we disabled the approval steps in the role methodology and are directly maintaining the roles using GRC role maintenance and search menu.
My intention is even an Admin who is quite experienced could accidentially select the wrong role from the list and press delete button. Then the role would be removed from backend in worst case including all users that were assigned.
As there is no way to prevent this besides authorisation restriction for authorisation support team which is not advisable for us it seems the best to use Colleen´s proposal and activate the WF for role maintenance.
I am experienced somehow in the BRF+ rules using decision tables for access requests but haven´t looked into the role mainteance WF so far.
Is this initiator rule checking if users are assigned to the role included in the standard WF? Or does this need to be specified using BRF+ decision table or somethin else?
Thanks and regards,
Markus