Release Automation Local Users with LDAP integration have lost permissions

Document ID : KB000118751
Last Modified Date : 31/10/2018
Show Technical Document Details
Issue:
A given end user, Local RA User "user@domain.com", has been using locally defined permissions, including a local group membership to Local RA group "Local RA Group", to operate Release Automation.  The Release Automation install is also integrated with LDAP, and a decision is made to have the end user's permissions derived from group membership defined in LDAP.  But when Local RA group "Local RA Group" is removed, the end user loses all permissions and is not inheriting the rights that are granted by the LDAP group membership.
Cause:
The existing contact Local RA User "user@domain.com" was originally created manually and a manual group, Local RA group "Local RA Group" (which contained the given user's permissions definition) was also defined in RA as well.  

The manually created Local RA User "user@domain.com" does not automatically have ties to the backend LDAP definitions of the "user@domain.com" user and the associated LDAP group memberships.  
Resolution:
Solution to address is to delete the Local RA User "user@domain.com" and have "user@domain.com" log back into RA, relying on the existing LDAP integration to re-create the "user@domain.com" user in RA, which would then have all of the LDAP groups in place and permissions defined correctly.