Question:
I want to restrict the user administrators to change their own role/profile assignments. They can of course request other admins to change his/her profile.
How can I design such a user admin role. What auth objects/values need to be set for this.
TIA,
Nishant
Answer:
you use S_USER_GRP and the auth group on the Id, but you are waisting your time. they generally can creaste any ID and assigne any access they want to that ID and use it. so you must use mitigating control to review their activities and ensure they are authorized.