These authorization options are for work items of authType AttestationWorkItem:
The Work Item owner
A direct or indirect manager of the Work Item owner
An administrator who controls an organization in which the Work Item owner belongs
Users who have been validated through authentication checks
By default, the behavior for authorization checks is one of the following:
Owner is User attempting the action
Owner is in Organization controlled by user attempting the action
Owner is a subordinate of user attempting the action
The second and third checks are independently configurable by modifying these form properties:
controlOrg — Valid values are true or false
subordinate — Valid values are true or false
lastLevel — Last subordinate level to include in the result; -1 means all levels
The integer value for lastLevel defaults to -1, meaning direct and indirect subordinates.
You can add or modify these options in the following:
If you set security on attestations to organization-controlled, then the Auditor Attestor capability is also required to modify another user’s attestations.