Role Management - Inheritance issue.
Wednesday
Hi,
We assigned the image_admin role to the knowledge role. As a result, users who already had the knowledge role inherited the image_admin role.
Later, we removed the image_admin role from the knowledge role. While the image_admin role was correctly removed for some users who had inherited it via knowledge, it was not removed for most users.
Upon checking the inheritance map, I found that there is no longer a relationship between those users and the image_admin role. However, the corresponding records in the sys_user_has_role table still show the inheritance flag as true.
According to a KB article I found, this can occur if the removal transaction was interrupted (e.g., due to a timeout or cancellation), preventing the cleanup from being fully completed.
To resolve this, I need to identify and remove the image_admin role for users who inherited it specifically via the knowledge role.
Is there a way to identify users who were granted the image_admin role through the knowledge role?
Thanks,
Ram
Wednesday - last edited Wednesday
Repair the 'Contextual Security: Role Management V2' plugin and that should re-create the sys_user_has_role table. I had to use the "Classic App Manager" from the "Plugins" module to access that.
It contains a 'Fix Script' that runs. If that doesn't help, create a Support Case as recommended to have ServiceNow run the script. They can provide a list of changes to review prior to running the script with 'dry-run' off.
Wednesday
Hi @Bert_c1 ,
Thanks for your inputs. I tried repairing the plugin, but it doesn't work.
I will reach out to ServiceNow Hi.
Regards,
Ramkumar
Wednesday
A Support Engineer can perform the repair; they will first run that on a sub-prod instance, then on production with the required customer approval.
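
For the question at the top of the thread, one way to list the stale grants for review is sketched below as an added example; it is not part of the original thread and is not ServiceNow's fix script. It runs offline over rows exported from sys_user_has_role and sys_user_role_contains as plain objects, and it assumes the field names `user`, `role`, `inherited`, `included_in_role` and `contains`; the sample rows are constructed, use role names where the real tables hold sys_ids, and `other_parent` is a hypothetical role.

```javascript
// Constructed export of sys_user_role_contains: containment that still exists.
// knowledge > image_admin is absent because it was removed.
const roleContains = [
  { role: "other_parent", contains: "image_admin" }, // hypothetical parent role
];

// Constructed export of sys_user_has_role (assumed field names, see lead-in).
const userHasRole = [
  { user: "alice", role: "knowledge", inherited: false, included_in_role: null },
  { user: "alice", role: "image_admin", inherited: true, included_in_role: "knowledge" },
  { user: "bob", role: "knowledge", inherited: false, included_in_role: null },
  { user: "bob", role: "image_admin", inherited: true, included_in_role: "knowledge" },
  { user: "bob", role: "other_parent", inherited: false, included_in_role: null },
  { user: "bob", role: "image_admin", inherited: true, included_in_role: "other_parent" },
  { user: "carol", role: "image_admin", inherited: false, included_in_role: null },
];

// Returns one entry per inherited childRole row that still points at parentRole
// although parentRole no longer contains childRole.
function findStaleInheritedGrants(grants, contains, parentRole, childRole) {
  const live = new Set(contains.map((c) => `${c.role}>${c.contains}`));
  // Nothing is stale while the containment relationship still exists.
  if (live.has(`${parentRole}>${childRole}`)) return [];

  // A childRole row is valid if granted directly or via a live containment.
  const isValid = (g) =>
    g.role === childRole &&
    (!g.inherited || live.has(`${g.included_in_role}>${childRole}`));

  return grants
    .filter((g) => g.role === childRole && g.inherited &&
                   g.included_in_role === parentRole)
    .map((g) => ({
      user: g.user,
      // true: the user keeps childRole through another valid row, so only the
      // stale row should go, not the user's access to the role.
      stillEntitled: grants.some((o) => o !== g && o.user === g.user && isValid(o)),
    }));
}

console.log(findStaleInheritedGrants(userHasRole, roleContains, "knowledge", "image_admin"));
```

Direct grants such as carol's are never reported, and users flagged `stillEntitled` keep the role through another path after the stale row is cleaned up.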