A customer uses SAP systems with composite roles (collective role), whereby a composite role contains several single roles.
The customer only wants to work with composite roles. A user may only receive composite roles. We solved this with the configuration "Config for Requestable Entitlement in ARS" in the entitlement type.
However, you can see all roles under "Request access":
How can it be prevented that single roles are edited or removed here (like the red one in the picture)?
Only the composite roles should be allowed to be changed here.
Solved! Go to Solution.
I don't think you can hide delete/ edit button just for one single role from Role Modification page.
Maybe control this in the workflow as workaround, if anyone modifies the role (which is not supposed to be ), auto reject the same in the workflow and notify the requestor.
Another option which I can think of, identify all such roles and flag them with some value in one of the role custom property. In WF , check that cp value , if it exist then auto reject the request.
This also would need some manual efforts in the flagging the role.
Please raise one enhancement with Saviynt in ideas portal for permanent fix.
How come config in "Config for Selected Entitlement in ARS" will hide the role from the Role Modification page?
Can you please elaborate more on this?