Security Roles Troubleshooting Guide
Helpful resources:
- Knowledge Bank: Security Roles, Permissions, and Constraints Frequently Asked Questions
- Online Help: Security Roles - Major Key Points
- Online Help: Security Roles - Best Practices

- Adding a permission to a child role automatically adds the permission to the parent role if it is not already there.
- The constraints may differ, but a parent must always include all the permissions of all of its children.
- When a permission is added to a child role, the permission appears gray in the parent role. This prevents removal of a permission at the parent level that exists in one or more children.
Note: To remove a permission from the parent, you must first remove it from all the child roles.

- Every user in the system is automatically assigned a particular user security role, which contains a base set of default permissions for that role.
- Duplicating any of those permissions in a security role won't have any effect.
- A best practice is to only add the permissions that are necessary for the group role being created. An administrator should never replicate permissions that already exist in the default user role.
Note: This can apply to any security role(s).


If... | Then... |
---|---|
a permission is added to or deleted from an existing role | the change takes immediate effect for users previously assigned to the role. |
an administrator adds, modifies, or removes constraints from one or more permissions in an existing role | the changes to constraints DO NOT automatically apply to users previously assigned to the role. |
Note: Previously assigned users must be removed from the role and added back in order for the change to take effect. Any new users added to the role will receive the new constraints.
Knowledge Bank: Changes to Constraints in Security Role Are Not Applying to Users Within the Role

- Dynamically assigning the security roles to OUs or groups makes this process more efficient.
- When users are automatically added or removed from a group based on the group criteria, they will automatically be assigned or unassigned the relevant security roles.
Online Help: Security Roles - Best Practices
Knowledge Bank: Security Roles, Permissions, and Constraints Frequently Asked Questions

The user has the permission from more than one security role, so removing and re-adding the user to one role is not enough to apply the changes.
You have to completely remove the user from all of the roles that have this permission and then re-add them to those roles.
This process will not work if the user is not removed from all of the roles that contain this permission before they are re-added to any of those roles.
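The constraint rule in the table above and the multi-role case in this section can be checked together in an audit. The following is an added example, not code from the product or its documentation: it assumes a hypothetical export of per-role constraint change times and per-user role assignment times, and all role, permission, and user names are constructed sample data.

```python
from datetime import datetime

# Constructed sample export (hypothetical format, not the product's own):
# role -> {permission: time its constraints were last changed}
ROLE_PERMS = {
    "Manager":  {"View Transcript": datetime(2024, 3, 10), "Approve Training": datetime(2023, 1, 5)},
    "HR Admin": {"View Transcript": datetime(2023, 6, 1)},
    "Reporter": {"Run Reports": datetime(2024, 2, 1)},
}
# (user, role) -> time the user was added to the role
ASSIGNED = {
    ("alice", "Manager"):  datetime(2024, 1, 15),
    ("alice", "HR Admin"): datetime(2023, 7, 1),
    ("bob", "Manager"):    datetime(2024, 4, 2),
    ("carol", "Reporter"): datetime(2023, 12, 1),
}

def stale_constraints(role_perms, assigned):
    """Return {user: {permission: roles to leave and rejoin}}.

    A permission is stale for a user when its constraints changed in a role
    after the user was added to that role. The roles listed are every role
    the user holds that grants the permission, since all of them must be
    left before any is rejoined.
    """
    held = {}  # user -> permission -> [(role, is_stale)]
    for (user, role), added_at in assigned.items():
        for perm, changed_at in role_perms.get(role, {}).items():
            held.setdefault(user, {}).setdefault(perm, []).append((role, changed_at > added_at))
    plan = {}
    for user, perms in held.items():
        for perm, grants in perms.items():
            if any(stale for _, stale in grants):
                plan.setdefault(user, {})[perm] = sorted(role for role, _ in grants)
    return plan

if __name__ == "__main__":
    for user, perms in stale_constraints(ROLE_PERMS, ASSIGNED).items():
        for perm, roles in perms.items():
            print(f"{user}: '{perm}' constraints are stale; remove from {roles}, then re-add")
```

In the sample data, alice's constraints changed only in one role, yet the plan lists both roles that grant the permission, matching the requirement to leave all of them before rejoining any.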