Notifications

11 views

Issue

Symptoms

Same role is added to user profile in sys_user_has_role table multiple times

Release

Any Release

Cause

This is an OOB functionality caused by role inheritance which can be ignored.

Resolution

- Roles can be added to a user in different ways like:
  1. Add as the base role
  2. Role is contained by another role, or
  3. Any roles (and their contained roles) that are part of a Group.
- When a role is added to a user either by adding such inherited Roles or a Group that has inherited roles, by design system creates duplicate entries    in the sys_user_has_role table to track what added the role.
- This can be tracked in the Inherited, Inheritance Count, and Inheritance Map fields that will shows how the role was added to the user profile.
- As a result, when a group is removed from a user profile, the system only removes the roles added via the removed group.
- In case the user still has a parent role that contains one of the removed roles from the group, the contained role is not removed from that user          profile as part of that inheritance.

Additional Information

You may refer to the Community article below which attempts to explain this well from a Group perspective:

Group assigns multiple same roles to same user

Article Information

Last Updated:2019-08-02 20:37:07
Published:2019-07-18