Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

Cannot assign roles unless the User role has permission to view the Administrator role

Written By

Kanchan Bisht

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  • No new roles can be assigned if the User's View permission on the Administrator role is revoked.
    Steps to reproduce:
    1) Startup Liferay server
    2) Log in as your administrator
    3) Create a role, call it 'testRole' for example and give it the following permissions: 
    Portal: View Control Panel Menu
    Users and Organizations: Access in Control Panel
    Users and Organizations: View
    Users and Organizations > Organization: View
    Users and Organizations > Organization: View Members
    Users and Organizations > User: Update
    Users and Organizations > User: View
    4) Now, under the Roles section click on the three dots next to any role (Portal content reviewer for example) -> Permissions
    Grant the 'testRole' the permissions to View and Assign members
    5) Navigate to Control panel -> Users & Organizations -> Users
    6) Create a user (testuser1) and grant them the 'testRole' and give it a password'
    7) Create another user (doesn't require a password or anything else)
    8) Log in as testuser1.
    9) Navigate to Control panel ->Users and Organizations -> Users
    Checkpoint: Notice that the user's role has been granted. Return to the Administrator user after removing it.
    10) As the administrator navigates to Control panel -> Roles
    11) Click on the 3 dots next to Administrator roles -> Permissions
    12) Revoke the View role from the default User role
    13) Now go back to the testuser1 account and try to give the Portal content reviewer to the other user
    Expected Behavior: The testuser1 is still able to grant the role
    Observed Behavior: "You do not have the required permissions" error has been seen on UIfail.png

Environment

  • Liferay DXP 7.3

Resolution

  • The observed behavior is a known Liferay DXP bug which has been addressed in Liferay DXP 7.3 SP4
  • If the hotfix is required for this issue, please create a support ticket requesting the hotfix by attaching the patch details.
  • Installing Fix Packs and Hotfixes on Liferay DXP will guide to installation of the hotfix in the respective environment.

Additional Information

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?