User still has role after being removed from group

rudy6
Tera Contributor

‎10-05-2020 01:44 PM

I noticed a few times that a user still has the itil role and other roles after being removed from the group that provided the roles.

Our instance is syncing users and select groups from our AD / Azure environment.
A month ago a user was added to the IT dept. group, which has the itil role. Last week the user was removed from IT dept. group. This week I reviewed the user record and confirmed removal from the IT dept. group, but the itil role still shows at the bottom of the User page and the user still has itil access and the role still shows 'inherited' is true.
The user is active, has two group memberships, neither of the groups have any roles assigned.

A. How do I remove the roles from this user?

B. How do I prevent it from happening to other users when they are removed from groups that provide roles?

Thank you in advance for any suggestions to track down this issue.

Rudy Arlt

Labels:
0 Helpfuls
  • 2,461 Views
8 REPLIES 8

Willem
Giga Sage
Giga Sage
In response to rudy6

‎10-05-2020 02:21 PM

Can you check if this is happening for other users as well? Is this happening recently?

Check your synchronization if the integration has sufficient rights in the system.

 

Can you check the logs for any errors or warning around the time the user is removed from the group?

0 Helpfuls

asifnoor
Kilo Patron

‎10-05-2020 02:02 PM

Hi,

Check if the role is inherited form any other group to which he is still a member of. 

Secondly check if the user is assigned that role explicitly.

Mark the comment as a correct answer if this answers your question.

0 Helpfuls

rudy6
Tera Contributor
In response to asifnoor

‎10-05-2020 02:13 PM

find_real_file.png

Both groups show no roles.

Preview file
14 KB
0 Helpfuls

asifnoor
Kilo Patron
In response to rudy6

‎10-05-2020 02:17 PM

Looks like that the role is added explicitly. So removing the group does not remove the role. 

0 Helpfuls