Hello Everyone,
I've been asked to make the delegates a bit flexible and allow the Change Management Group to be able to add new delegates.
Basically, if the change managers want to add user X as delegate of user Y, they can do it.
I have 2 options that came to my mind:
Option 1 - Create a new role calles delegeate_user_admin and grant this role to change management group.
Then, create new ACLs to allow members with this role to write, create, read sys_user_delegate table.
Option 2 - Update the current ACL's and add on the advaced conditions a clause to check if the current user is member of ITSM change management group.
I would rather go with option 1 even if I need to create new ACLs.
The main idea is to make reusable in case of future request to expand the abaility to other group like Security Access group, we would need to add the role to the new group instead of updating ACLs one more time.
Do you have any recommendations?
