When using the default workflow (corrected for roles) the approval task will accept a response of "No" but the user is provisioned to the denied resource anyway. What is the correct approach to denying access to one resource but granting access to others?

Scenario:

1. Admin creates a new user with a resource of "Active Directory-IP" and a role of "Active Directory User".
2. The role routes the action to a user task.
3. Another participant, the approver, picks up the user task on her ToDo list and claims it.
4. The approver selects "No" on the Boolean.
5. The task completes.
6. The user is provisioned to Active Directory anyway.

Attempts to modify the workflow to delete the syncopeUser on a denial fail in that the task ignores the "No" selection and remains on the ToDo list for the assignee.

Thanks,
dave.