Administrators unable to remove or add roles in scoped applications access
For instance, administrators are unable to add or remove role 'sn_hr_sp.hrsp_employee' in a scoped application.
Steps to Reproduce Using 'sn_hr_sp.hrsp_employee'
- Install the Plugin "Service Portal for HR - Service Creator categories"
- Locate the role "sn_hr_sp.hrsp_employee".
- Try to add or remove this role 'sn_hr_sp.hrsp_employee' impersonating a user with administrative access.
- You will not able to add or remove this role even with administrative access.
Verify the value for 'Assignable by' and grant that role to the user to be able to add or remove roles
The following is a resolution, taking 'sn_hr_sp.hrsp_employee' as an example:
1.In the table 'sys_user_role' check that the role 'sn_hr_sp.hrsp_employee' belongs to the scoped application.
2.Here the role 'sn_hr_sp.hrsp_employee' belongs to the scoped Application "Human Resources: Service Portal" as shown below:
3. ‘Assignable by’ is 'sn_hr_core.profile_writer' and hence the user must contain this role to add or remove the 'sn_hr_sp.hrsp_employee'.
4. After granting this role, the user will be able to add or remove the role 'sn_hr_sp.hrsp_employee'
Scoped application roles have the field ‘Assignable by'. ‘Assignable by’ specifies the role that the user must have to be able to add or remove scoped application roles.