Security Roles Troubleshooting Guide
Why does a permission from a security role also appear in the parent role?
- When adding a permission to a child role, it automatically adds the permission to the parent if not already there.
- The constraints may differ, but a parent must always include all the permissions of all of its children.
- This prevents removal of a permission at the parent level that exists in one or more children.
Note: To remove a permission from the parent, you must first remove it from all the child roles.
Why are permissions in a security role grayed out?
- This prevents removal of a permission at the parent level that exists in one or more children.
- The constraints may differ, but a parent must always include all the permissions of all of its children.
- When adding a permission to a child role, it automatically adds the permission to the parent if not already there.
Note: To remove a permission from the parent, you must first remove it from all child roles.
Why are the end users of a security role getting an added permission after an end user "clone" security role was created with a new permission?
- Every user in the system is automatically assigned a particular user security role, which contains a base set of default permissions for that role.
- Duplicating any of those permissions in a security role won't have any effect.
- A best practice is to only add the permissions that are necessary for the group role being created. An administrator should never replicate permissions that already exist in the default user role.
Note: This can apply to any security role(s).
Why, after assigning the Course Publisher permission to a security role, does the assigned user not see the Course Publisher?
Why, after creating a security role that includes analytics, are the users assigned to that role able to create and save reports but not able to preview reports like the administrator?
The security role is missing the "Preview Custom Reports" permission, which enables previewing of reports.
After adding constraints again to the permission and re-saving the role, why is the permission still not constrained for the users assigned to the role?
| If... | Then... |
|---|---|
| a permission is added or deleted from an existing role | the change takes immediate effect for users previously assigned to the role. |
| an administrator adds, modifies, or removes constraints from one or more permissions in an existing role | the changes to constraints DO NOT automatically apply to users previously assigned to the role. |
Note: Previously assigned users must be removed from the role and added back in order for the change to take effect. Any new users added to the role will receive the new constraints.
What's the easiest way to add security roles to individuals as they are getting hired into the organization?
- Dynamically assigning the security roles to OUs or groups will create efficiency in this process.
- When users are automatically added/removed from a group based on the group criteria, they will automatically be assigned/unassigned the relevant security role(s).
What are the best practices to troubleshoot random security issues?
Here is a simple approach to troubleshooting security roles or security preference problems:
When I remove a constraint from a user's role, the user still has the constraint, even after removing and re-adding the user to the role. Why?
The user has the permission from different security roles. Removing and re-adding the user to the role is not enough to apply the changes.
You have to completely remove the user from all of the roles that have this permission and then re-add them to those roles.
This process will not work if the user is not removed from all of the roles that contain this permission before they are re-added to any of those roles.