We need to prevent role owners from adding new members for their roles via standard Role Page.
For this purpose we tried to leverage on SecurityContext file functionality of VIA. However we could not decide which is the correct action to set in custom SecurityContext.csv that would enable Role Owners to
- change entitlements and meta data
- not to add/remove members from role
There is “Edit Entitlements” attribute but this does not provide privileges to modify role attributes.
Moreover, when we try to upload securityContext.csv file with below data we get warning “invalid action”. What are we doing wrong?
Any one has any idea?
Can we achieve required behavior with SecurityContext files? How?