Records with empty roles are created in sys_user_has_role table after HR Scoped app is installed (KB0696678)

Description

When the Human Resource Scoped App: Core plugin, records with empty roles may get added to the sys_user_has_role table for admin users.

This can be due to missing plugin checks for Contained Roles records when the common Human Resources: Scoped App: Security dependency is installed.

For example, when HR is installed, sn_hr_le.admin role (94563e2f3b032200705d86a734efc41e) and sn_hr_migration.admin role (5105ef1d0b632200f9fd064d37673a27) get added to admin users.

Steps to Reproduce

On an out-of-box instance, activate the Human Resources Scoped App: Core plugin.
Go to the sys_user_has_role list.
See that there are rows with empty roles (search for admin users)
Inspect the system logs and see there are RoleManagementHandler entries warning about adding non-existing roles.

Workaround

Delete the empty sys_user_has_role records (but do not delete any sys_user_role_contains records).

Related Problem: PRB1248935

Description

Steps to Reproduce

Workaround

Seen In

Fixed In

Associated Community Threads

Article Information

Notifications

Description

Steps to Reproduce

Workaround

Seen In

Fixed In

Associated Community Threads

Article Information