Since few days I'm looking a way to achieve that business need:
In the company, We have over 65 division manage by there own manager and
each division got around 10 employees
We want a divion manager can be able to assign a role to employee into
their own division only. To achieve that we create a "team" with a
dynamic group base on the directreports as "manager" and the member of
that team is "relation manager-employee".
That's work great and all my division manager can assign roles to their
own employee only.

BUT.. I would like to let the manager to give a temporary permission to
a specific employee in his division to do the same job mean
"assign/revoke" role to their division only.

I tried the "proxy mode" but it seem that it's not possible to assign
role during a proxy mode. I also try to use the delegation but found
that's seem to only work with a PRD. Now we only use the "manage"
function in the userapps portal or the "request access for others" with
the Home portal.

Any idea what will be the best way to achieve my goal?

Thanks for all hints!

deltasigma's Profile: https://forums.netiq.com/member.php?userid=2157
View this thread: https://forums.netiq.com/showthread.php?t=55894