The problem is that that a userid is associated with a domain, and that should not be editable. That is a security issue regardless.
In addition, only a domain admin should be able to assign roles for things inside their domains. Role assignments are owned by the assignment domain, not the identity domain
The problem is that that a userid is associated with a domain, and that should not be editable. That is a security issue regardless.
In addition, only a domain admin should be able to assign roles for things inside their domains. Role assignments are owned by the assignment domain, not the identity domain