Empty role assigned to a user.
Impact area
Security
Severity
Low
Affected element
User
Rule ID
SN-0447
Impact
This rule checks for rows on the sys_user_has_role table (User Roles) which contain empty role references. If there are unassigned roles it could mean a potentially loss of functionality of certain apps as some may require roles. Also empty roles assigned to a user generate extra effort to security administrators and can lead to improper access control.
Remediation
Edit the role field in the sys_user_has_role table and change the empty reference to the a valid one or delete the record if it is not needed
Time to fix
10 min