We synchornise our user accounts with AD and, subsequently, all staff have the capability to login to Staff Assignment and add/remove from groups. This poses a risk and security issue. We require the ability to lock down who has access to staff assignment and which departments or group they have access to add/remove staff from.

From a voice perspective, we apply permissions to staff so they cannot add themselves to inappropriate roles, but the Staff Assignment console bypasses this security mechanism.

At the moment, we limit the advertising of this tool and govern by policy. But it'd be great to roll out to the business extensively.