Skip to content

[Bug]: User role removal fails with "NO_PERMISSION_TO_UNASSIGN" due to empty userPermissions array #41103

New issue
New issue
Open
0 of 1 issue completed
Open
[Bug]: User role removal fails with "NO_PERMISSION_TO_UNASSIGN" due to empty userPermissions array#41103
0 of 1 issue completed
Assignees
Nikhil-Nandagopalpranavkanade
Labels
BugSomething isn't workingLowAn issue that is neither critical nor breaks a user flowNeeds TriagingNeeds attention from maintainers to triageProduction
@jacquesikot

Description

@jacquesikot
jacquesikot
opened on Jul 10, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Description

When attempting to remove a role from a user in the Access Control settings, the system incorrectly shows "NO_PERMISSION_TO_UNASSIGN" error message, preventing the role removal operation. This occurs because the userPermissions array is empty for the role objects.

Root Cause

The issue occurs in ActiveAllGroupsList.tsx at line 141 where the permission check fails:

const hasPermission = group?.userPermissions
  ? isPermitted(
      group?.userPermissions, // ← This array is empty
      entityName === "role"
        ? PERMISSION_TYPE.UNASSIGN_PERMISSIONGROUPS
        : PERMISSION_TYPE.REMOVE_USERS_FROM_USERGROUPS,
    )
  : true;

The userPermissions array is empty for role objects, causing the permission check to fail and incorrectly blocking the role removal operation.

Technical Details

  • File: app/client/src/ee/pages/AdminSettings/AccessControl/ActiveAllGroupsList.tsx
  • Line: 141 (permission check logic)
  • Component: ActiveAllGroupsList used for both groups and roles
  • Backend API: /api/v1/users/manage/{userId} returns roles with empty userPermissions

Additional Context

This issue affects the Access Control functionality where administrators need to manage user roles. The permission system should properly validate user permissions for role management operations.

Related Files

  • app/client/src/ee/pages/AdminSettings/AccessControl/ActiveAllGroupsList.tsx
  • app/client/src/ee/pages/AdminSettings/AccessControl/UserEdit.tsx
  • Backend: UserForManagementDTO and related permission handling

Steps to Reproduce

  1. Navigate to Admin Settings → Users
  2. Click on a user
  3. Under the groups tab - try to remove a role from the user by clicking on it
  4. Observe that the role appears disabled with a lock icon and shows "NO_PERMISSION_TO_UNASSIGN" tooltip

Expected Behavior

  • Users should be able to remove roles from other users if they have the appropriate permissions
  • The role removal should work without showing permission errors when the user has valid permissions

Actual Behavior

  • Role removal is blocked with "NO_PERMISSION_TO_UNASSIGN" message
  • Roles appear disabled with lock icons
  • The operation cannot be completed even when the user has proper permissions

Public Sample App

No response

Environment

Production

Severity

Low (Cosmetic UI issues)

Issue video log

No response

Version

Cloud - v1.74

Sub-issues

Metadata

Metadata

Assignees

Labels

BugSomething isn't workingLowAn issue that is neither critical nor breaks a user flowNeeds TriagingNeeds attention from maintainers to triageProduction

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions