There are cases that inherited roles become orphan. Symptoms are seen like a role no longer contained by its former parent still shown under some users with the flag 'inherit' set in true.
This article provides a simple way to clean up such orphan roles.
Please follow below steps to clean up the orphan roles:
- Login the instance as Admin.
- Elevate to the Security Admin role. This is very important as without the role, the clean-up is not doable.
- Navigate to Scripts - Background and execute below command. If the numbers of records in the sys_user table and sys_user_has_role table is big, please make sure to uncheck the option of 'Cancel after 4 hours' to avoid the clean-up process being terminated half way.
- Paste below code to the Script box and run it:
The API will scan all the users and roles, re-calculate the inherit relationship to fix any orphan situation. It can run for a very long time in case there are large amount of users and roles. As such, it is always good to test the clean up on a full clone of your Production to get a better estimation.