Hi All,

I have a requirement that necessitates the restriction of user permissions, including those of administrators, with the exception of the "security_admin" role. The objective is to prevent all users, aside from the "security_admin," from having the ability to remove users from any group classified as an "entitlement" type.

Below configurations has been done to achieve this requirement

• Modified delete ACL (OOB) on sys_user_grmember table
• Role: user_admin
• Condition: Group Type is not Entitlement
• Admin Override: False

• Created new delete ACL on sys_user_grmember table
• Role: security_admin
• Condition: Group Type is Entitlement
• Admin Override: False

But its not working admin or user_admin can remove users from entitlement group.

Could anyone provide insight into what might be missing from my current setup? Any guidance on this matter would be greatly appreciated.

Please note that the solution must be confined to Access Control Lists (ACLs). Modifications to Business Rules (BR) or List Controls are not permissible for this scenario.

Thank you in advance for your assistance.