Idea ID: 2875524

Cyclic check in admin delegation mappings (Policy/Delegation)

Status: New Idea

When you are an end user it is possible to add a delegation. When you add a cyclic delegation (A -> B, B -> C, C -> A) IGA gives you an error. This is fine.

In the admin screen however, this check is not in place. You can add cyclic delegations as admin (service desk). This should not be possible. It becomes even worse because the end user is presented with an error when the user tries to request a permission with an approval which points to a cyclic delegation.

I logged this as a bug, but it was working 'as designed'. In my opinion it is still a bug. You cannot expect admins to browse hundreds of delegations to check if there is a cyclic one, and the problem of a cyclic one should never end up at the end user requesting a permission.

In short: You cannot expect admins to browse to hundreds of delegations to check if there is a cyclic one when entering a new one. There already is a check in the product when the users themselves set delegations. This check should be done in the Policy/Delegation screen as well.