Remove access button is enabled for accesses not assigned to user

Document ID : KB000014315
Last Modified Date : 14/02/2018
Show Technical Document Details

The remove access "-" button is enabled even if the access is not assigned to the user under the Applications tab in the Access > Request for Self. 

Is there any way to ensure that only user assigned with the access can see or click the button?

remove access button.png


This is the expected behavior. However it is configurable. 
In Identity Portal's Admin UI, go to Environment -> UI Configuration screen and look for the field "strict cart mode". 
Change the value from "false" to "true" and save. This should achieve the behavior you would expect.