Roles without any user
Impact area
Security
Severity
Warning
Affected element
Roles
Rule number
SN-0403
Impact
If there are unassigned roles it could mean a potentially loss of functionality of certain apps as some may require roles. Also unnecessary roles generate extra effort to security administrators and can lead to improper access control.
Remediation
If the role is not assigned to any user or group, this role is probably not needed and can be removed from the system.
Time to fix
10 min
References
This rule is linked to Common Weakness Enumeration CWE-284 - Improper Access Control.