We use Regex Provisioning Template providers to validate input fields on our provisioning profiles. For example to ensure URLs meet our governance standards. And this works great in controlling the initial submission on the AddProvReq.aspx page. However the validation does not seem to apply to EditProvReq.aspx page.
Some of our more clever users have noticed this and are modifying the request right after submission to exploit this validation loophole.
Is there a way to enforce the same Regex on both the Add and Edit forms? Or is this something that can be fixed in a patch?
Our alternative is to modify the permissions on the Provisioning Requests list to not allow “Provisioning Users” to modify requests. We’d prefer to keep this option open to users to allow them to correct any errors in initial request. Also I’m not sure if this would interfere with any internal workflow updates, that might occur after user submits the request.
You may have indeed found a validtion loop-hole in SPA. We will check into this issue and report back.