Role Management - Inheritance issue.

Ramkumar Thanga
Mega Sage

yesterday

Hi,

We assigned the image_admin role to the knowledge role. As a result, users who already had the knowledge role inherited the image_admin role.

Later, we removed the image_admin role from the knowledge role. While the image_admin role was correctly removed for some users who had inherited it via knowledge, it was not removed for most users.

Upon checking the inheritance map, I found that there is no longer a relationship between those users and the image_admin role. However, the corresponding records in the sys_user_has_role table still show the inheritance flag as true.

RamkumarThanga_1-1757512043965.png

According to a KB article I found, this can occur if the removal transaction was interrupted (e.g., due to a timeout or cancellation), preventing the cleanup from being fully completed.

To resolve this, I need to identify and remove the image_admin role for users who inherited it specifically via the knowledge role.

Is there a way to identify users who were granted the image_admin role through the knowledge role?

Thanks,
Ram

0 Helpfuls
  • 510 Views
12 REPLIES 12

Swapna Abburi
Mega Sage
Mega Sage

yesterday

Hi @Ramkumar Thanga 

Try with date and timestamp when image_admin role was added to the user based on the timestamp the role was added to Knowledge role to identify the users. Sometimes, if the inheritance is broke due to timeout or other reasons, we may not be able to delete role mapping from UI/background script.


If you are not able do cleanup from UI/script then contact ServiceNow support so they can do it from backend.

Ramkumar Thanga
Mega Sage

yesterday - last edited yesterday

Hi @Swapna Abburi , 

 

Is there any other way to filter instead of the date and timestamp. 

 

Thanks!

Ramkumar

0 Helpfuls

Swapna Abburi
Mega Sage
Mega Sage
In response to Ramkumar Thanga

yesterday

As you are saying the inheritance got broken, I am not sure if there is any other way to find out.  

Bhuvan
Kilo Patron

yesterday

@Ramkumar Thanga 

 

Go to sys_user_role table and in the related list go to Users and add field Inheritance Map. See if it helps to identify the user whose role was inherited from knowledge role

Bhuvan_0-1757514682028.png

If this helped to answer your query, please mark it helpful & accept the solution.

 

Thanks,

Bhuvan

0 Helpfuls

Ramkumar Thanga
Mega Sage
In response to Bhuvan

yesterday

Hi @Bhuvan   

 

Thanks for your inputs,

The problem here is even after removing the child role role from the parent role, the users who holds the parent role still holds the child role and the inheritance was set as true, if you see the inheritance map the relation was broken, and we need to remove such records from sys_user_has_role table.

Please have a look into the question again for more info.

Thanks again!

Ram

0 Helpfuls