Enable 'require approval' on a per user (vs per role) basis
Currently, PIM only provides a "Require approval to activate this role" setting on a per role basis. I would like to see this on a PER USER basis. So a user would be either: Permanent, Eligible, or Eligible (approval required)".
This is more in line with the trust model we want, allowing fewer permanent assignments. Some people would be trusted to self-elevate; others would require independent approval.