How to troubleshoot role inheritance causing unexpected access?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
6 hours ago
Body:
Hello Experts,
A user currently has access to modules and records that were not intentionally assigned. After investigation, I suspect the access may be inherited through another role.
What is the best approach to:
- Identify inherited roles?
- Trace role relationships?
- Determine the exact source of access?
- Remove unnecessary permissions safely?
Any troubleshooting recommendations would be greatly appreciated.
Thank you.
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
6 seconds ago
Use User Administration > Users > [User] > Roles and check Inherited = true to identify inherited roles.
Also:
- Review User Role (sys_user_has_role) to see how roles are assigned.
- Open the parent role and check Contains Roles to trace role inheritance.
- Use Security Debug or Debug Security Rules to determine which role grants access.
- Remove only the unnecessary parent role or group membership after confirming there are no dependencies.
Please Accept the solution if it assisted you with your question & Mark this response as Helpful.