Duplicate Roles
‎10-17-2008 02:46 AM
Hi Guys,
We are experiencing an issue with the roles.
We are seeing users with almost 50000 role entries in their user account.
If we add a single role to a user, the view_changer and template editor roles add themselves exponentially.
For example, a user had 138 associated roles. I added the user_admin role to the user, and after the addition, there were 336 associated roles.
Has anyone else experienced this, or is this expected behaviour? It's making managing roles almost (not almost, it is) unmanageable.
Please advise
Thanks
Shaun
‎10-17-2008 08:08 AM
Definitely unmanageable if that's happening. Have you set up your roles to include other roles?
‎10-17-2008 08:14 AM
Groups and Roles are based on hierarchy. For instance the 'itil' role includes role 'template_editor'. So if you give your user 'itil' role, you are also giving 'template_editor' role. Also let's assume that group 'Vendor Administration' includes the 'itil'. If your user currently has itil role and you add him/her to 'Vendor Administration', itil role will duplicate as well as 'template editor'. Currently the system does not ask if this user already contains this role before adding new roles. This is expected behavior. The system doesn't care how many times a role exists as long as when it goes looking for the role it finds it.
I like what Myla Jordan, an SNC representative, said when we asked the following:
So there is no logic that asks if a user already has a role, don't give it to them again? So a user could be in 5 different groups that all have ITIL and they will then have ITIL 5 times?
Answer: "Well, no. BUT I kind of like that each addition has a record of its own outlining how you got that role, from what group, or if it was included in another role."
I guess that if you don't like the way it is implemented or maintenance is giving you a headache, you might want to re-engineer your groups and roles to eliminate redundancy.
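The duplication described in this thread, modeled as an added example for access reviews (plain JavaScript, not code from the thread or from the platform). Only 'itil' containing 'template_editor' and the 'Vendor Administration' group holding 'itil' come from the posts; the other containment entries and the 'Service Desk' group are assumptions made for illustration.

```javascript
// Constructed sample data; only 'itil' containing 'template_editor' and the
// 'Vendor Administration' group holding 'itil' come from the thread.
const roleContains = {
  itil: ['template_editor', 'view_changer'], // view_changer placement is assumed
  user_admin: ['itil'],                      // assumed, for illustration
};
const groupRoles = {
  'Vendor Administration': ['itil'],
  'Service Desk': ['itil'],                  // hypothetical second group
};

// Expand one grant into one row per role reached, recording how it was reached.
function expand(role, source, via = [], seen = new Set()) {
  if (seen.has(role)) return [];             // guard against cyclic role containment
  const rows = [{ role, source, via: via.join(' > ') || 'direct' }];
  const next = new Set(seen).add(role);
  for (const child of roleContains[role] || []) {
    rows.push(...expand(child, source, [...via, role], next));
  }
  return rows;
}

// Build the per-user rows the way the thread describes: no "already has it" check.
function userRoleRows(user) {
  const rows = [];
  for (const r of user.directRoles) rows.push(...expand(r, 'user'));
  for (const g of user.groups) {
    for (const r of groupRoles[g] || []) rows.push(...expand(r, `group:${g}`));
  }
  return rows;
}

// Collapse rows to the distinct effective roles, keeping every grant path.
function effectiveRoles(rows) {
  const byRole = new Map();
  for (const { role, source, via } of rows) {
    if (!byRole.has(role)) byRole.set(role, []);
    byRole.get(role).push(`${source} (${via})`);
  }
  return byRole;
}

// Constructed user: one direct role plus two groups that both carry 'itil'.
const user = { directRoles: ['user_admin'], groups: ['Vendor Administration', 'Service Desk'] };
const rows = userRoleRows(user);
const effective = effectiveRoles(rows);
console.log(`${rows.length} rows, ${effective.size} distinct roles`);
for (const [role, paths] of effective) console.log(role, paths);
```

The row count is what inflates in the user record; the distinct set is what matters for a least-privilege review, and the retained paths show which group or containing role to change to revoke a given role.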