If a scoped admin role contains another scoped admin role, and that 2nd scoped admin role does not have "Application Administrator" checked, the user will not have the expected access to certain records - Known Error

If a scoped admin role contains another scoped admin role, and that 2nd scoped admin role does not have "Application Administrator" checked, the user will not have the expected access to certain records Description Even though a particular user may have a scoped admin role, as well as roles necessary to pass ACLs for a particular record, if that scoped admin role contains another scoped admin role, and that 2nd scoped admin role does not have "Application Administrator" checked, the user will not have the expected access to the record.

Steps to Reproduce

Activate the "Human Resources Scoped App: Core" plugin Give Abel Tuter the following roles: sn_hr_core_admin itil skill_admin user_admin Impersonate Abel Tuter Navigate to sys_user group, and open the "HR Admin" group Observe the record is read-only, even though Abel Tuter has the "sn_hr_core_admin" role, as well as the roles required by this OOB sys_user_group "Write" ACL: /nav_to.do?uri=sys_security_acl.do?sys_id=8ba177f90a0a0b440043a5c91bdacd42" rel="nofollow">http:// /nav_to.do?uri=sys_security_acl.do?sys_id=8ba177f90a0a0b440043a5c91bdacd42 Open sys_user_role record "sn_esign.admin", which is contained by "sn_hr_core_admin" App the "Application Administrator" field to the form, and check it Impersonate Abel Tuter again, and observe that he now has write access to the "HR Admin" group record

Activation of "Human Resources Scoped App: Core" also activates the "E-Signature" application, and the "sn_hr_core_admin" role contains the "sn_esign.admin" role. Workaround 1. Go to role table and open sn_esign.admin

2. Make sure the " Application Administrator" field as true and set assignable by field value as "sn_esign.admin"