Resolving Admin Role Conflicts

Forcepoint ONE SSE does not support users being assigned to more than one admin role. You will see red errors if there is a conflict when a user is assigned to more than one group with different admin roles.

For example, if I assigned the above user mng_test to another group with an admin role, that group membership will appear in User Details window but will show up as red to indicate a conflict of admin roles.

When a conflict occurs the last assigned role will be applied, but this role can be difficult to determine if the user was assigned to multiple groups or if group membership changed due to AD sync, etc. In order to resolve this conflict, admins must remove the user from all groups containing an admin role to reset the user back to default (that is, no admin role assignment) and then add them to the singular group with the appropriate admin role you wish them to have.

The Admin Role field will appear as still selectable and display the last admin role assignment. While this field is editable, it is only used for manual individual assignment and is always overridden by the group membership role assignment.