I have a security group that have Edit All Requests permission. In a request type, the security grants are not set however the delete button is enabled. However if I remove the Ediat All Request Permission from the group the button is hide.
Is this the default behavior of that permissión? Isn't supposed to be the only posibility to delete requests, the request type grants options?
"Edit All Request" is the main grant which override the setting done in "User Access" tab in Request Type. So this is normal behaviour. In addtion to this if "Edit All Request" grant is given it will give access to all the active Request type in the system irrespective of the security define in Request Type level. "Edit All Request" grant include access for.
changing the request's workflow
Generally as per best practise we sould avoid Edit All grant and rather just give "Edit Request" grants and then define the appropriate access in User access tab of Request type (i.e. view, edit, create, cancel and delete).
Cheers.. Utkarsh Mishra
-- Remember to give Kudos to answers! (click the KUDOS star)