Security Roles Troubleshooting Guide

- When adding a permission to a child role, it automatically adds the permission to the parent if not already there.
- The constraints may differ, but a parent must always include all the permissions of all of its children.
- This prevents removal of a permission at the parent level that exists in one or more children.
Note: To remove a permission from the parent, you must first remove it from all the child roles.

- This prevents removal of a permission at the parent level that exists in one or more children.
- The constraints may differ, but a parent must always include all the permissions of all of its children.
- When adding a permission to a child role, it automatically adds the permission to the parent if not already there.
Note: To remove a permission from the parent, you must first remove it from all child roles.

- Every user in the system is automatically assigned a particular user security role, which contains a base set of default permissions for that role.
- Duplicating any of those permissions in a security role won't have any effect.
- A best practice is to only add the permissions that are necessary for the group role being created. An administrator should never replicate permissions that already exist in the default user role.
Note: This can apply to any security role(s).


The security role is missing the "Preview Custom Reports" permission, which enables previewing of reports.

If... | Then... |
---|---|
a permission is added or deleted from an existing role | the change takes immediate effect for users previously assigned to the role. |
an administrator adds, modifies, or removes constraints from one or more permissions in an existing role | the changes to constraints DO NOT automatically apply to users previously assigned to the role. |
Note: Previously assigned users must be removed from the role and added back in order for the change to take effect. Any new users added to the role will receive the new constraints.

- Dynamically assigning the security roles to OUs or groups will create efficiency in this process.
- When users are automatically added/removed from a group based on the group criteria, they will automatically be assigned/unassigned the relevant security role(s).

Here is a simple approach to troubleshooting security roles or security preference problems: