So if I'm understanding:
1) User creates profile, selects role
2) User clicks button to add themselves to that particular role
From your original description - I'm going to go out on a limb and make an educated guess that you're going to have an issue that unless you granted everyone 'sharing' access to this app or others - they won't be able to add themselves to a new role regardless. Basically their permissions likely won't be high enough to actually apply themselves to a role - because they need 'Basic + Sharing' which opens up the 'Users' tab
That said - another approach might be to re-think how to chain the actions together. Basically - instead of the button adding them in the role - you can use the button to make your API_GetUserinfo call - and then store the user ID in the record as a field - basically the way you want to with IOL - but this way it's user initiated. When that field is written - you could have a webhook fire - and the webhook could do the provisioning of the actual user as a background action that isn't reliant on the particular user trying to provision themselves.
Chayce Duncan | Technical Lead
(720) 739-1406 |
chayceduncan@quandarycg.com Quandary Knowledge Base