User still has role after being removed from group

rudy6
Tera Contributor

I noticed a few times that a user still has the itil role and other roles after being removed from the group that provided the roles.

Our instance is syncing users and select groups from our AD / Azure environment.
A month ago a user was added to the IT dept. group, which has the itil role. Last week the user was removed from IT dept. group. This week I reviewed the user record and confirmed removal from the IT dept. group, but the itil role still shows at the bottom of the User page and the user still has itil access and the role still shows 'inherited' is true.
The user is active, has two group memberships, neither of the groups have any roles assigned.

A. How do I remove the roles from this user?

B. How do I prevent it from happening to other users when they are removed from groups that provide roles?

Thank you in advance for any suggestions to track down this issue.

Rudy Arlt

8 REPLIES 8

Willem
Giga Sage
Giga Sage
Check if inherit is set to false. The role can have been added manually. A. You can manually remove the roles B. If it is manually added, you can check on the user has role record who updated/created it

rudy6
Tera Contributor

find_real_file.png

Can you check the inheritance map? You can add that to the list:

find_real_file.png

 

Add the field and check by clicking on it:

find_real_file.png

 

It will show you where the role is coming from.

rudy6
Tera Contributor

Thanks.

find_real_file.png

Here's what I see on the inheritance map. Create date is when he was added to my IT dept. group. He's no longer a member of that group.