Hi, In FIM Portal 2010, non-admin users which are members of Security Group Users, can access Security Groups, according to two MPRs: "Security group management: Users can add or remove any member of groups subject to owner approval" and "Security group management: Users can read selected attributes of group resources". But, when these users try to remove a member from a SG, an request for approval is generated, and then this request is automatically rejected. The request that is generated when a user tries to remove a member from a SG, has two applied policies: "Group management workflow: Validate Requestor on remove member" and "Security group management: Users can add or remove any member of groups subject to owner approval". Any idea how "Group management workflow: Validate Requestor on remove member" MPR works? As requestor set, this MPR has "All Non-Administrators". What should I do, in order to make possible to trigger an request for approval for the SG owner, when a user tries to remove a member from a SG? Thanks, Griselda

you have to remove the "validate requestor on remove member" because it essentially determines that if you aren't the group owner, you can't make the request to remove anyone. This can be found by looking at this workflow: Requestor Validation With Owner Authorization