Removing roles from a User

GaneshErike
Tera Contributor

‎07-03-2025 09:17 AM

Hi,

 

One user is part of 7 groups. Out of those, one group was archived a long time ago, but the user is still showing as a member of that group. Some roles are being granted through this archived group.

 

I tried removing the user from that group in the test instance, but the roles are still present.

 

I need to remove the roles that were granted specifically by that archived group. Any idea why the roles are still there even after removing the user from the group? Or how I can clean this up properly?

 

Thanks.

0 Helpfuls
  • 940 Views
17 REPLIES 17

Dr Atul G- LNG
Tera Patron
Tera Patron

‎07-03-2025 09:20 AM

Hi @GaneshErike 

The primary reason might be that the user is getting the role through another group, as roles can be inherited. So it’s difficult to pinpoint exactly which group is granting the user access.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

GaneshErike
Tera Contributor
In response to Dr Atul G- LNG

‎07-03-2025 10:38 AM

Hi @Dr Atul G- LNG,

 

Thanks for the response.

I am specifically looking for SPM Related roles like it_project_manager, it_project_user.

In sys_user_has_role table, it is showing these roles are granted by That Archived Group.

 

 

 

 

0 Helpfuls

Dr Atul G- LNG
Tera Patron
Tera Patron
In response to GaneshErike

‎07-03-2025 11:57 AM

Hi @GaneshErike 

 

So you need to see what other group that user is member has this specific role. 

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

AshishKM
Kilo Patron
Kilo Patron

‎07-03-2025 09:30 AM

Hi @GaneshErike ,

 

"one group was archived a long time ago" means group marked as active = false and all associated role(s) removed from that group. If role(s) not removed yet then remove it first. 

 

After the above step, check if user still hold the same role(s) then check the inheritance map for source of that role.

 

AshishKM_0-1751560153696.png

 

-Thanks,

AshishKM


Please mark this response as correct and helpful if it helps you can mark more that one reply as accepted solution
0 Helpfuls