From a consultant perspective I can confirm that this led to some confusion the past. So, +1 for the FR because of the need.
But I don’t like the suggested solution. A quick win (and for me, the better solution) would be to just add a “(agent only)” to the description of that permissions.
My reasoning is, that this role might be something that you want to grand agents and customers and you should be able to do that.
Use-Case where “greying out” or disabling it, would be problematic:
- You want to create a LDAP-Group that grants your agents the permission to change their notification settings. But for safety-reasons you want the “agent” permission in a separate group/role.
