Quick but important question, what is the difference between the 2 operations on the request module?
As far as I understand, the difference is ultimately whether the account level is relevant or not. Assume a User has 2 accounts in the same application, where both accounts have access to a specific AppRole.
RemoveAppRoleFromAccount will target the access of a specific account, so the change item will be verified when that specific Account loses access to the AppRole.
RemoveUserFromAppRole doesn't really care about the account layer, so the change item will only get verified when the User no longer has access to the AppRole from any of the accounts (both accounts need to lose the AppRole).
Far enough. Thanks Mostafa.
I will replicate the different scenarios and come back to you.
Retrieving data ...