- No new roles can be assigned if the User's View permission on the Administrator role is revoked.
Steps to reproduce:
1) Startup Liferay server
2) Log in as your administrator
3) Create a role, call it 'testRole' for example and give it the following permissions:
Portal: View Control Panel Menu4) Now, under the Roles section click on the three dots next to any role (Portal content reviewer for example) -> Permissions
Users and Organizations: Access in Control Panel
Users and Organizations: View
Users and Organizations > Organization: View
Users and Organizations > Organization: View Members
Users and Organizations > User: Update
Users and Organizations > User: View
Grant the 'testRole' the permissions to View and Assign members
5) Navigate to Control panel -> Users & Organizations -> Users
6) Create a user (testuser1) and grant them the 'testRole' and give it a password'
7) Create another user (doesn't require a password or anything else)
8) Log in as testuser1.
9) Navigate to Control panel ->Users and Organizations -> Users
Checkpoint: Notice that the user's role has been granted. Return to the Administrator user after removing it.
10) As the administrator navigates to Control panel -> Roles
11) Click on the 3 dots next to Administrator roles -> Permissions
12) Revoke the View role from the default User role
13) Now go back to the testuser1 account and try to give the Portal content reviewer to the other user
Expected Behavior: The testuser1 is still able to grant the role
Observed Behavior: "You do not have the required permissions" error has been seen on UI
- Liferay DXP 7.3
- The observed behavior is a known Liferay DXP bug which has been addressed in Liferay DXP 7.3 SP4
- If the hotfix is required for this issue, please create a support ticket requesting the hotfix by attaching the patch details.
- Installing Fix Packs and Hotfixes on Liferay DXP will guide to installation of the hotfix in the respective environment.