I have an owner of a Fire Fighter account (FFID) who is NOT on the list of people authorized to use the same FFID account but I observed this person make a request for his own FFID and then via workflow observed the receipt of the request for approval. He approved his own request and then logged onto the account. Question is...since this person is the FFID Owner does this access authority inherently give them the ability to request their own account which again he owns. Again, this person is NOT set-up as a Fire Fighter for this account but is the Owner and Controller. Maybe this is some sort of configuration setting to allow such activity.
Thanks for any feedback.