Hello Identity Manager Community,
I ran into the following situation:
'Person A' delegates an attestation for a ADSAccountInADSGroup-object to 'Person B'.
'Person B's entitlement /group membership is being attested by the attestation and the Person-Object is set as 'related object 3' / 'ObjectKey3' on the AttestationObject.
'Person B' is now able to attest his own entitlement / group membership, even though the ConfigParm 'QER\Attestation\PersonToAttestNoDecide' is set.
This only seems to happen if you use a single-delegation, as a deputy delegation causes the expected behaviour. (Not delegating the objects, that attest the person thats being delegated to)
Is there a way to prevent this?
In kind regards,
Daniel