Role Availability Discrepancy at Sub-Organization Level

[aaujayasena]

Describe the issue: At the root organization level, the roles of System, Everyone, and Admin are available, and users can view and update these roles as expected. However, at the sub-organization level, System role is available. This behavior seems doughtful since, at the sub-organization level, only the shared application roles should be available. The behaviour should be further analyse.

Root Organization

Sub organization

How to reproduce:

1. Log in to the Console
2. Navigate to role and check Available roles
3. Create sub org
4. Switch to sub org
5. Check the role avaible.

Expected behavior: Only the shared application role should be available. But the System role is available and the validity of it should be further analyse.

Environment information (Please complete the following information; remove any unnecessary fields) :

• Product Version: [e.g., IS 5.10.0, IS 5.9.0]
• OS: [e.g., Windows, Linux, Mac]
• Database: [e.g., MySQL, H2]
• Userstore: [e.g., LDAP, JDBC]

---

Optional Fields

Related issues:

Suggested labels:

[AnuradhaSK]

The other inconsistency is:

• If an organization audience allowed app is shared, with sub orgs "admin" and "everyone" roles will be created.
• But when the application is unshared, "admin" role will be deleted but everyone role will be remained system role will not be deleted because it is not treated as a shared role

Proper way of handling:

• All admin, everyone, system kind of org roles should be created inside a suborg upon sharing an org audience role is shared
• When unsharing, the roles need to be deleted