how to remove the scrum_admin role from the demand_manager role
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2025 08:21 AM
Background:
The the it_demand_manager role contains the demand_manager role which contains the scrum_admin role. I don't understand why a high-level role like scrum_admin would be buried deep within another role.
We're a new SN shop and all of our consultants warn us against manipulating OOTB roles, which I understand.
Our issue is that we want our demand managers to have all the permissions of the it_demand_manager role, but NOT the high-level access that comes with the embedded "scrum_admin" role.
I've researched all of the roles within the it_demand_manager role. In our test environment, I gave a test user ALL of the roles I identified in the it_demand_manager role, except the SA role. The user still does not have the permissions they need to do their job. I've narrowed it down to the demand_manager role itself. This role has a permission in it that our DM's need, however we don't want to give them this role because it contains the SA role. Giving them all of the inherited roles (except SA) doesn't work. They need the DM role.
So how do we make this work? Has anyone else experienced this issue and are there any workarounds?
Thank you in advanced and I appreciate any input you have.Mathew.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-23-2025 07:35 AM
I had the same issue and simply removed the scrum_admin role contained in demand_manager. It may not be the best practice but the best solution here.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-23-2025 07:42 AM
Hi @MBMRED,
you can create your custom role that would inherit the other roles.
For example "it_demand_manager_soft" and it would inherit the demand_manager but not the scrum_admin.
Another options is to keep it as is and adjust the ACL but for that you will need security_admin (the only role stronger than admin) to apply the changes.
There is no universal answer to your case as each project, client or instance is managed differently. I see these two scenarios, perhaps somebody else will come up with better ideas.
But what do you think about creating a custom role, assign it to a group and put the desired people to this group...
/* If my response wasn’t a total disaster ↙️ ⭐ drop a Kudos or Accept as Solution ✅ ↘️ Cheers! */
