Overview:
When a User Role Constraint is deactivated in Vault, its corresponding User Role Setup is not deactivated.
Root Cause:
This is working as designed. If a User Role Constraint record is inactive in Vault, the meaning of this is as follows:
- Vault does not change the current user role setup assignment.
- Vault does prevent new user role setup assignment to assign the role going forward.
Solution:
The solution is to do one of the following:
- Manually delete any corresponding User Role Setup records when a User Role Constraint is deactivated in Vault.
- Delete the User Role Constraint, as this action also deletes any corresponding User Role Setup records.
Related Documentation:
Vault Dynamic Access Control Documentation: Configuring User Role Constraints
Send us your feedback: We're always looking for advice to help improve our Knowledge Base! Please let us know if this article was helpful or provide feedback on how we can improve your experience here.
Thank you