I removed Home facilities, roleassignments and set active=false, loginRestricted=true, allowNotify=false for all the district users but users are still able to log in, capture reports and view LMIS forms.
We dont want this user to be able to log into the system. we want the account to be inactive and restricted to login.
1. Log in as admin
2. Remove all the roles from user srmanager4
3. Log in as srmanager4
4. You have access to view orders and manage POD screen and the permission strings endpoint for this user returns 2 entries, even though it should be empty
If all roles are removed from the user, all the permission strings are removed as well and the user doesn't have access to any screen requiring specific rights
Possible root cause
Looks like removing all role assignments from a specific user doesn't trigger regeneration of the permission strings for that user. Adding a single role assignment triggers the update.