I downloaded and installed the UA 3.7 today and have a question about
some functionality I am seeing with role assignments.

I created a new role called "test_role" and did not assign any
entitlements, resources, or trustees. I deployed and everything was
successful. I then created a new user in the Identity Vault with no
special privileges, and then granted that user the rights to the Work
Dashboard tab and to the Role Assignments List. After logging in as the
new user, I can see the work dashboard just fine but I noticed the
following things when I went to assign a role:

1.) The user can see ALL roles (including system) when searching
2.) Although they can view the system roles, the user cannot assign
them (good thing!)
3.) The user can assign the "test_role" that I created earlier, even
without Trustee rights

Is this the expected behavior? In 3.6.1 you had to make a user a
trustee so they could search/assign the role but it does not seem like
that is the case here.

Also, is there a way to make it so team managers are the only ones who
can request roles for their team members? I want to use the search
functionality that comes with Teams and I want to allow a team manager
to submit role requests for their users, but I do not want to allow the
team members to be able to request roles.


bjohnsonacn's Profile: http://forums.novell.com/member.php?userid=43213