some AAC & AFC role privileges seem to allow more than they should?
I'm trying to create a very light view-only and remediate role for end users to assess their own ORMC Controls output entries, but on creating versions of both 'Advanced Access Controls Analyst' & 'Advanced Transaction Controls Analyst' roles I'm finding, for example:
GTG_VIEW_ACCESS_CONTROLS_PRIV (Allows for the viewing of access controls) still allows users to EDIT the Controls themselves!?!
..or:
even though I have removed priv 'GTG_GLOBAL_USER_CONFIGURATION_VIEW_IN_APPLICATION_CONFIGURATIONS_PRIV' (Allows viewing of the Global User Configuration) …testing finds the user can still view all users !?!
Also, these roles provide access to TOOLS > Scheduled Processes section to be able to run reports that are not stated in list of Privileges stated from original list x2 roles (as far as I can see).. Any one else tried this?