AnsweredAssumed Answered

Remove user from role action removes approle that was directly assigned

Question asked by Gokhan Gur on Nov 22, 2017
Latest reply on Aug 27, 2019 by Mostafa Helmy



Please consider the following scenario and let me know if there is any solution for that


1- "User A" has "Account X" on "Target System 1"

2- "Account X" has "AppRole-Y" on "Target System 1"


3-Then, "User A" is added to a business role which contains "AppRole-Y" on "Target System 1" as well. 

4-"User A" is later removed from business role. 


In the request created, Remove "AppRole-Y" from "Account X" also present. 


However, this approle was assigned to account X before he was added to business role so ideally he should have kept Approle-Y even if he is out of the business role. 


How can we achieve that?