Observed on the instance the Roles are getting assigned to users repeatedly as a duplicate record.
Could any one help me understand this scenario of how Roles are getting imported from the AD. The LDAP server import schedule executed every day for all the users and the user/users is/are automatically created/updated on the SN side.
Hi,
Roles are generally not added to User or Group Profile from AD at least OOB it does not add it to the profile.
This is a manual step where some one from the team might have added the Role manually and the other role which you are seeing is coming from the group.
So, what would have happened as below:
1) User was added to the group from AD integration and the group might be having that Role so user has got the role as shown in your screenshot below:
2) Additionally some one might have added the role directly to the user profile and hence you are seeing two records in your screenshot attached below:
If you see ITIL user in yellow looks like a Group through which Role has been granted where as the other is a manual addition directly on the user Profile.
On User Table in Roles related list there is a field named as "Granted By' check if that has a value then definitely it came from a group else some one has added it manually.
You can add Created and Updated by in Roles related list and see who has updated the profile,
Hope this helps. Please mark the answer as correct/helpful based on impact.
Regards,
Shloke
Thank you for your reply Shloke.
The only reason I am searching Why I see the Granted By is (empty) most of the times.
Here The Roles are never assigned manually to the itil users except the admins of the ITSM/ Other apps.
All Roles they get it from the groups they belong to.
The only scenario explained to me is when a user profile created in AD it is cloned form an existing similar kind of a user profile.
My Question is still why the Granted By column shows (empty). And How to get rid of this duplicate list of Roles and have an optimized list view of Roles.
Thanks,
Sonali.
