we're assigning roles to users using technical rules as birthrights.
When an enduser clicks Manage My Access link, there is an option to manage Roles and the user can choose to delete the roles that were granted as birthright roles. Is it possible to prevent the users from doing that or hide the 'Roles' section completely from Manage My Access?
Below post has the solution:
Is there any identification at the Role level which states whether a role is birthright role or not? If there is identification then based on that identification you can write your role query.
In our case , all the birthright roles had one role CP value as "BirthRightRole" and in Role query, we showed all the roles whose CP value was not like 'BirthRightRole' this way the birthright roles were not available for request.
Please check below config:
the Request Role Query seems to hide the roles from ARS but the roles are still visible in 'Manage My Access' page and the user has the option to try to delete it, even though the deletion will fail with "Role.Not.Requestable" error message. Ideally we'd like to hide the roles from the 'Manage My Access' page or hide the delete button that is visible for each role.
For Enterprise Role, there is no such config to remove the delete button or even remove the 'Roles' part from the Manage my Access tile since it showing all the available accesses that you have.
This would be an enhancement request that you can submit on Ideas Portal - https://ideas.saviynt.com/ideas/