Restrict Access to User Provisioning when Managing Roles
When managing roles, it is possible to provision access to users even without the Edit User Account privilege. How can the Users train stop or the Add User button be restricted when managing roles?
The ability to manage roles and provision roles to users is not properly segregated in the system. It is still possible to grant roles to users via the Users train stop when editing a security role.
How can access to user provisioning on this page be restricted? I'd be interested to know if anyone has found a workaround for this system limitation.
Steps to replicate: