User still has role after being removed from group

rudy6
Tera Contributor

‎10-05-2020 01:44 PM

I noticed a few times that a user still has the itil role and other roles after being removed from the group that provided the roles.

Our instance is syncing users and select groups from our AD / Azure environment.
A month ago a user was added to the IT dept. group, which has the itil role. Last week the user was removed from IT dept. group. This week I reviewed the user record and confirmed removal from the IT dept. group, but the itil role still shows at the bottom of the User page and the user still has itil access and the role still shows 'inherited' is true.
The user is active, has two group memberships, neither of the groups have any roles assigned.

A. How do I remove the roles from this user?

B. How do I prevent it from happening to other users when they are removed from groups that provide roles?

Thank you in advance for any suggestions to track down this issue.

Rudy Arlt

Labels:
0 Helpfuls
  • 2,452 Views
8 REPLIES 8

Willem
Giga Sage
Giga Sage

‎10-05-2020 02:02 PM

Check if inherit is set to false. The role can have been added manually. A. You can manually remove the roles B. If it is manually added, you can check on the user has role record who updated/created it
0 Helpfuls

rudy6
Tera Contributor
In response to Willem

‎10-05-2020 02:09 PM

find_real_file.png

Preview file
11 KB
0 Helpfuls

Willem
Giga Sage
Giga Sage
In response to rudy6

‎10-05-2020 02:14 PM

Can you check the inheritance map? You can add that to the list:

find_real_file.png

 

Add the field and check by clicking on it:

find_real_file.png

 

It will show you where the role is coming from.

Preview file
10 KB
Preview file
9 KB

rudy6
Tera Contributor
In response to Willem

‎10-05-2020 02:19 PM

Thanks.

find_real_file.png

Here's what I see on the inheritance map. Create date is when he was added to my IT dept. group. He's no longer a member of that group.

Preview file
11 KB
0 Helpfuls