I’m having trouble with role-based access control in our resource management module. When we modify user roles in the admin console - for example, promoting a team member from Resource Coordinator to Resource Manager - the security group assignments aren’t updating automatically. The user’s role shows as changed in their profile, but they still have the old security group permissions.
We have to manually go into Security Workbench and reassign the security groups, which defeats the purpose of role-based access. This is creating permission mismatches where managers don’t have approval rights they need, or coordinators retain elevated permissions they shouldn’t have. Is there a configuration setting we’re missing to enable automatic security group assignment based on role changes?
Also verify that the Security Server is processing role change events. There’s a configuration flag in the JDE.INI file: AutoSyncRolePermissions=1. If this is set to 0 or missing, role changes won’t automatically propagate to security groups. You’ll also want to check the User Override Security (UOS) settings - if users have individual security overrides, those take precedence over role-based assignments.
Found several users with UOS settings from a previous reorganization. Cleaning those up now. The security server restart helped, and new role changes are starting to sync properly. Still working through the backlog of users who were changed before the fix.
Yes, restart the security server after modifying JDE.INI. For UOS, run the Security Workbench report with the ‘Show User Overrides’ option enabled. Any user with a checkmark in the Override column has individual security settings that will block role-based updates. You’ll need to remove those overrides or manually update them when roles change. We created a monthly audit process to identify and clean up unnecessary UOS entries.