Roles without any user

Rule number

SN-0403

Impact

If there are unassigned roles it could mean a potentially loss of functionality of certain apps as some may require roles. Also unnecessary roles generate extra effort to security administrators and can lead to improper access control.

Remediation

If the role is not assigned to any user or group, this role is probably not needed and can be removed from the system.

Time to fix

10 min

References

This rule is linked to Common Weakness Enumeration CWE-284 - Improper Access Control.