Hello everyone,
I just found a problem with the expiration dates principle.
I tested the following process: Add via 2 API calls (/v3/access-requests) a role with “removeDate”: “2024-07-15T14:00:00.000Z” on 2 users.
When I check on the GUI, I can see for both of them in the role’s “Expiration Date” column: “7/15/24 EDIT” from the Team Members page (normally used to extend by managers). Then for one of the 2 I delete the role via the same call, and it disappears from the GUI. Then I put it back without removeDate via the API call. In the GUI it reappears without the “7/15/24 EDIT” information.
However, when the date “2024-07-15T14:00:00.000Z” appears, the role is removed from both users, not just the one untouch.
I can also see that an access-sunrise-sunset account activity appears in the search for both users.
I can therefore deduce that the end date of a AP is not linked to the access request, but to the right itself, even if it is deleted from the user’s profile.
We have this kind of problem in production, and I’d like to be able to delete the right of certain collaborators, but also the associated removeDate, so that if the right is assigned to them afterwards, it won’t be revoked unnecessarily.