We have launched the Campaign for enterprise Roles through Role Owner campaign type. We have observed that entitlements are getting removed from the enterprise roles after the expiry of the campaign for unresponded roles(no action peformed by the Role owner)
Ex: If you see the below screenshot, where the role owner did not took any action for the role either belongs to me or does not belongs to me or consult . As per our expectation, for all unresponded items Access will be removed from the accounts level and entitlements will not be removed from the roles .
and we have below setting this enabled in the campaign configuration.
Please confirm if this is expected behavior or any way to revoke the only access from accounts level for unresponded items.
Role Owner Campaign :
This campaign allows role owners to review the ownership of roles followed by reviewing the users and entitlements associated with those roles. The roles which are inactive or composing status are not included for role owner campaign certifications.
Create Revoke Task for UnResponded Items on Expiry :
Use this setting to create revoke tasks for unresponded items such as accounts or entitlements once the campaign expires.
OFF: Disables the certifier from creating revoke tasks for unresponded items upon campaign expiration.
For your case why don't you try exploring the Entitlement Owner or User Manager Campaign.
User Manager Campaign : Allows a manager to certify the employment status of direct reportees and perform their employment verification and review their base account, access, and roles.
Entitlement Owner Campaign : Allows entitlement owners to review the ownership of entitlements, followed by reviewing accounts associated with those entitlements and associated child entitlements.