I'm not quite sure how to make this workflow work, so here's what I'm trying to accomplish:
I'm trying to create several roles to be used in high volume the near future that will not have common identifiers to determine automatic membership for the role. All entitlements will be AD groups that will go through AFX fulfillment. My team will manually add the user to the Role. All of these Roles have been manually approved on paper, and with the current process if the AD group is approved on paper, it is not requested for approval when a new or transferring user needs to be added to the AD group as part of their job Role.
On role creation, I'd expect that Change Request to go through a normal approval process and for the AD group owners to "approve" that the AD group should be part of this role.
What I'd like to avoid is for when a new or transferring employee is manually added to the Role, I'd like for only the Role Owner to approve that change, and NOT the AD group owners themselves (since that isn't what they do now).
I'm not quite sure how to make this work. I don't want to change the overall Role workflow, just the workflow when new users are added to these specific roles. Maybe a new role set for these roles? If they're auto approved anyway for these Roles does it matter if it's fulfilled manually or via IMG and the individual groups doesn't need to be approved in IMG? Just thinking out loud on some of this.
Thank you all for your help!