You have a fine-grained role review which allows role reviewers the ability to remove members and entitlements from roles. It also allows role reviewers the ability to delete roles and all their associated members and entitlements. While modifying role content is okay, you do not want reviewers requesting that roles be deleted.

In this case to prevent role deletion from a review, a Cancel Change Request node was added to the fulfillment workflow that processes role requests. If a role reviewer requested a role be deleted, the resulting change request would delete the role. The Cancel Change Request node would then attempt to add back the role by reverting the changes already made (that is, the role was deleted). Adding the role back was a manual activity. The problem is that when the manual change was made, the following error would occur and the role was not added back.

[Test1] have been deleted.  Please cancel the change request.

Further, because this action was not allowed, the change request could not be completed.

Image description

Note the fulfillment workflow shown below. The workflow has a decision node to verify if the reviewer is deleting the entire role. If so, then it is passed to the Cancel Change Request node with Event Type of Cancel entire request and revert completed changes.

Image description

Below is the change request created for one such change. There are two role changes created, one is to Remove the entire role as per the reviewer activity and the other one is to Add the deleted role back by cancelling the request and reverting the changes (as defined by the Event Type setting).

Image description
Note the Add Role is in a Pending Action state which requires a manual activity. When the assigned user goes to complete the Add Role manual activity, the above error occurs.