Authorisation Node Advice

[Lee C]

Hi

I have a workflow and capture form setup at the moment for when someones account is requested to be suspended, i want this to reject if the requestor doesn't meet any of the below 2 criteria

The requestor Is not from HR - (our hornbill is setup where it looks like on the user profiles it has in custom field attribute 6 the department/service the requestors are part of, see below) so if on custom fields attribute 6 if it doesnt have HR i would like the ticket rejected, i know how to reject tickets i just dont know what nodes to use for the department check 

The requestor is not higher up in the management chain than the line manager This one might be quite hard to do i admit as all i can go off is can Hornbill check the user account to be suspended in AAD who the line manager for that is and then email that persons manager? so in effect emailing the line managers manager, or can i do that via hornbill automation where it emails the line manager like i have it below and it also then emails the line managers line manager if that makes sense?

I currently have my workflow setup where all it does is email the line manager for authorisation that shows on the hornbill record for the account that is to be suspended as below