product-is
product-is copied to clipboard
wso2
Role Availability Discrepancy at Sub-Organization Level
Describe the issue: At the root organization level, the roles of System, Everyone, and Admin are available, and users can view and update these roles as expected. However, at the sub-organization level, System role is available. This behavior seems doughtful since, at the sub-organization level, only the shared application roles should be available. The behaviour should be further analyse.
Root Organization
Sub organization
How to reproduce:
- Log in to the Console
- Navigate to role and check Available roles
- Create sub org
- Switch to sub org
- Check the role avaible.
Expected behavior: Only the shared application role should be available. But the System role is available and the validity of it should be further analyse.
Environment information (Please complete the following information; remove any unnecessary fields) :
- Product Version: [e.g., IS 5.10.0, IS 5.9.0]
- OS: [e.g., Windows, Linux, Mac]
- Database: [e.g., MySQL, H2]
- Userstore: [e.g., LDAP, JDBC]
Optional Fields
Related issues:
Suggested labels:
The other inconsistency is:
- If an organization audience allowed app is shared, with sub orgs "admin" and "everyone" roles will be created.
- But when the application is unshared, "admin" role will be deleted but everyone role will be remained system role will not be deleted because it is not treated as a shared role
Proper way of handling:
- All admin, everyone, system kind of org roles should be created inside a suborg upon sharing an org audience role is shared
- When unsharing, the roles need to be deleted
