When a User Role Constraint is deactivated in Vault, its corresponding User Role Setup is not deactivated.
This is working as designed. If a User Role Constraint record is inactive in Vault, the meaning of this is as follows:
- Vault does not change the current user role setup assignment.
- Vault does prevent new user role setup assignment to assign the role going forward.
The solution is to do one of the following:
- Manually delete any corresponding User Role Setup records when a User Role Constraint is deactivated in Vault.
- Delete the User Role Constraint, as this action also deletes any corresponding User Role Setup records.
Vault Dynamic Access Control Documentation: Configuring User Role Constraints
Send us your feedback: We're always looking for advice to help improve our Knowledge Base! Please let us know if this article was helpful or provide feedback on how we can improve your experience here.