Currently the Approval Activity in the IDM Apps Workflow only has one option for "Exclude Requestor".
This activity should also include options to exclude Recipient and Admin users.
For certain approval activities, like line manager approval, the recipient should not be able to approve a request. For instance, if a user is a delegate of his line manager, and he requests access, he should not be able to approve his own access via delegation.
Selecting the "Exclude Requestor" option for the Approval Activity prevents a delegate from approving his own access.
However, this also prevents a line manager from making a request for his subordinates, since he would not be able to approve the request.
Another use case is that a administrative user with certain roles, can approve requests that are assigned to someone else. There should also be an option to prevent this.
So the 3 use cases that should be configurable are:
Exclude Requestor (existing)
Exclude Admin Role
Can you please clarify your comment. Are you looking for a specific case where line manager is requesting on behalf of staff, where the requestor in this case would also be excluded?
Yes definitely a Good idea. Different Customers have different Requirements. Making this option available will add more value to the product.
required as security control measure ehnancement and SOX compliancy
Definitely need this!