Hello,
Have a request for improved control as to user group membership. It is understood the admin has elevated privilege to the password admin. It is also known that an Admin may make a member of any user group. It is finally understood all actions are audited. It is also known that changes of membership rights may be mailed as a notification.
We have three groups which we would like to restrict and force approval by the owner of the said groups. These assets are extremely restricted and we are needing to meet this as part of an internal audit of PMP.
We would like an option similar to password approval access control. Any Group membership amendment or removal would require approval.
This would resolve the current limitation within Admin of general equality as to user groups. As it currently functions, an admin could add a user or themselves
Currently, the only mitigation is to limit to a super admin and all others are password admins. The password has to formally request to be elevated to Admin for user change. This works but is cumbersome.
Thanks in advance.