Fix roles for external users with possible non-intentional internal role assignments

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Review and fix roles for external users that may have non-intentional internal role assignments.

    Before you begin

    Role required: csm_guided_setup_user, user_admin, sn_crm_foundation_admin, and system_scheduler_admin

    About this task

    You must not assign internal roles to external users. Use this procedure to review and fix the contacts and consumers that may have the following role assignments:
    • snc_internal role only
    • snc_internal role and one or more external roles
    Note:
    This guided setup task uses scheduled jobs to identify and fix role assignments. When fixing role assignments, the scheduled job fixes 3000 users at a time. If there are more than 3000 users in this group, change the configuration of the job so that it runs periodically.

    Procedure

    1. Navigate to All > Customer Service > Administration > Guided Setup and select Get Started.
    2. In the Fix External User Role Assignment category, select Get Started and then select External users with possible non-intentional internal role assignment.
    3. Run the scheduled job to tag users that may have non-intentional user role assignments.
      Users are tagged with the Ext-user-non-intentional tag.
    4. Review the list of tagged users and remove the tag from any users for which you don’t need to fix role assignments.
      If necessary, configure the list to display the Tag column.
    5. Run the scheduled job to fix the role assignments for the users with the Ext-user-non-intentional tag.
      This scheduled job makes the following changes:
      • For users with the snc_internal role only, it removes the snc_internal role and adds the snc_external role.
      • For users with the snc_internal role and one or more external roles, it removes the snc_internal role.

      This scheduled job runs all the insert/deleted business rules on the User Role [sys_user_has_role] table.