Hi,
We assigned the image_admin role to the knowledge role. As a result, users who already had the knowledge role inherited the image_admin role.
Later, we removed the image_admin role from the knowledge role. While the image_admin role was correctly removed for some users who had inherited it via knowledge, it was not removed for most users.
Upon checking the inheritance map, I found that there is no longer a relationship between those users and the image_admin role. However, the corresponding records in the sys_user_has_role table still show the inheritance flag as true.
According to a KB article I found, this can occur if the removal transaction was interrupted (e.g., due to a timeout or cancellation), preventing the cleanup from being fully completed.
To resolve this, I need to identify and remove the image_admin role for users who inherited it specifically via the knowledge role.
Is there a way to identify users who were granted the image_admin role through the knowledge role?
Thanks,
Ram
true,
let's do it like this with inh_count
for your instance, you can use Role = image_admin AND Inherited = true then Inheritance map on a row
if it shows knowledge → image_admin, that user truly gets it from knowledge.
if the map is empty and inh_count = 0, it’s an orphan (stuck record).
for fix you might need ServiceNow support.
