Of course I am not referring to new users this is obvious just changes and deletions
We have a very restrictive role design based on the location (Plant). With Location A, not being able to see the data from location B, C, D...etc, We have over 300+ locations so we control the users by allocationg users to user groups that match the planat. So a user from Location A is only assigned roles for plant A.
The Financial controller from the site requests change for his users and the function location controls who approves the request, configured in BRF+. I am amazed that a tool allows a controller, who is responsible for location A to assign roles for location A to any user in the system without restriction or delete a user that is not under their control, even in error. This is a recipe for Fraud!
Hope this is clear