When the Human Resource Scoped App: Core plugin, records with empty roles may get added to the sys_user_has_role table for admin users.

This can be due to missing plugin checks for Contained Roles records when the common Human Resources: Scoped App: Security dependency is installed.

For example, when HR is installed, sn_hr_le.admin role (94563e2f3b032200705d86a734efc41e) and sn_hr_migration.admin role (5105ef1d0b632200f9fd064d37673a27) get added to admin users. 

Steps to Reproduce


  1. On an out-of-box instance, activate the Human Resources Scoped App: Core plugin.
  2. Go to the sys_user_has_role list.
  3. See that there are rows with empty roles (search for admin users)
  4. Inspect the system logs and see there are RoleManagementHandler entries warning about adding non-existing roles.


Delete the empty sys_user_has_role records (but do not delete any sys_user_role_contains records).

Related Problem: PRB1248935

Seen In

Jakarta Patch 5

Fixed In


Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-05-21 11:42:28