When the IsPrivate binding is enabled, only users and roles listed in the Assigned To and Assigned Users (multi-assign) can access the form instance.
We would like to stop non-admin users from being able to remove roles or users that are already on the list. They should still be able to add to the list.
This would prevent accidental revoking of access by end users.
Admins should still be able to remove from the list in case incorrect users or roles are added and saved.
This is a high risk in multiuser forms that we develop on our project. One option would be to have a separate Assignees property that admin can assign roles/users through transition or API call