We recently kicked off and completed our annual Role Review for 2019. We are currently configured to have all Role Owners Maintain/Revoke access for entitlements/groups/app-roles contained within the role. We then have Information Security Sign-Off that these changes are valid. Generate Change Request is set to "Automatically".
In the process, several role owners maintained all of the access in their role. For some reason the review results shows the role owner maintained all access, however under Role Management, the role is shown as "Changed". When I go into the role, the "Action" on the Members and Entitlements tab does not have anything selected. I can click either Revert Changes or Apply Changes. Revert warns me that the role has been changed in the role review and the only previously committed version is at the time of Role Review Sign-off. Apply says that the system is going to re-add all the users and all the entitlements to the role despite the fact the role shows me they are all in the role still.
Is this expected behavior?