After upgrading from Liferay DXP 7.2 to 2025.Q1, there are inconsistencies in the Site Roles displayed for users. While the main members list shows the correct roles for a user, the "Assign Roles" and "Unassign Roles" dialogs show a different, incorrect list. For example, a role that a user already possesses might still appear as available to be assigned, and it might be missing from the list of roles to unassign.

• Liferay 2025.Q1+
• Upgrading from Liferay DXP 7.2

This behavior is caused by a combination of a product bug and the expected behavior of how inherited roles are handled.

1. Product Bug (LPD-53010): A bug was identified where the role assignment dialog did not correctly filter roles by the current site. This issue is resolved in DXP 2025.Q1.6 and later versions. Applying the latest updates is recommended.
2. Expected Behavior with Inherited Roles: It is important to understand how Liferay handles roles inherited from User Groups.
   • A user's effective roles within a site are a combination of roles assigned directly to them and roles inherited from any User Group they are a member of.
   • The main member list in a site displays all of these effective roles.
   • However, the "Assign Roles" and "Unassign Roles" dialogs are designed to manage only the roles assigned directly to the user.
   • Therefore, if a user has a role (e.g., Site Administrator) because they are in a User Group that has been granted that role for the site, that role will still appear as available to be assigned directly to the user. This is the expected behavior.

To manage roles correctly, administrators should be aware of this distinction and decide whether to manage permissions at the individual user level or at the User Group level.

• Understanding Roles and Permissions
• User Groups