Hi team!
As an Admin, I can’t aggregate/enable/disable/remove my own accounts in the UI: ui/admin#admin:identities:users:2c9180867e25ee68017e2ae81389562b
The actions button is grayed out here and made unclickable. This is quite annoying if I am testing something in a development environment on my own account, when I need to log in the target application with my own account.
If this removal of functionality was done deliberately, probably for security measurements, I would like to argue that this actually gives a false sense of security as we can bypass it easily through several ways. We could:
1: Do exactly the same operation through the APIs, which do not have this security control implemented.
2: Create API credentials through ui/admin#admin:global:security:apimanagementpanel with which we can perform the operation
3: Create a dummy identity, grant it admin credentials, log into that dummy admin account and perform the action anyway.
4: Manually correlate this account to another identity, perform the action and if applicable, manually correlate the account back
Since this functionality blocker is not truly providing a security control, I would think it makes more sense to remove this functionality blocker such that we can at least easily aggregate/disable/enable our own accounts as admins.