Removing roles from a User
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2025 09:17 AM
Hi,
One user is part of 7 groups. Out of those, one group was archived a long time ago, but the user is still showing as a member of that group. Some roles are being granted through this archived group.
I tried removing the user from that group in the test instance, but the roles are still present.
I need to remove the roles that were granted specifically by that archived group. Any idea why the roles are still there even after removing the user from the group? Or how I can clean this up properly?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2025 11:09 AM
Hi @GaneshErike ,
Just a note — deactivating a user group does not remove the roles that users got from that group. If a user is still in the group, they will still have those roles. So, make sure to remove the roles first.
Also, check if the role is coming from another group the user belongs to, or if it was assigned directly to the user.
If my response helped, please mark it as the accepted solution ✅ and give a thumbs up👍.
Thanks,
Anand
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2025 10:43 PM
Hi Anand Kumar,
I am not able to see the roles in archived group; it is in read only mode.
Roles are coming from the archived group.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2025 11:42 AM
Are your user groups synced from AD or something which may be overriding your manual removal of the user?
In either case as @AshishKM pointed out, when a group is archived the roles should be removed from it as archiving does not disable those associations. Rather than removing the user from the group, try removing the roles from the group.
Also after changing roles/permissions make sure to completely exit your browser and relog into the instance to make sure that the changes are being applied otherwise session information may be out of date.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2025 12:26 PM
Hi @GaneshErike,
Hope you're doing well!
You can remove the roles from the group in test instance and see if that helps.
Sometime re-adding the user to the group and then removing the user again helps, this triggers the cleanup workflows/scripts and revokes roles inherited from that group.
If you still see roles after removing the user from group, check the sys_user_has_role records creation time, if its recent - may be a script/flow running to re-add the roles to the user after you remove the user from group.
You might want to check if the user is getting re-added to the group after removing the user from group or just roles are being added.
Best Regards,
Sharif
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2025 10:45 PM
Hi @Masthan Sharif,
I am not able to see the roles section in archived group as it is in read only mode.
