Skip to content

SCIM: Confusion of member types in GET /Roles endpoints #1989

New issue
New issue
Closed
#2051
Closed
SCIM: Confusion of member types in GET /Roles endpoints#1989
#2051
Assignees
fflorent
Labels
bugSomething isn't workinggouv.fr
@fflorent

Description

@fflorent
fflorent
opened on Dec 3, 2025

Describe the current behavior

When querying the GET /api/scim/v2/Roles endpoint, we see members of the Roles.

When a role is inherited (for example the roles of a doc inside a workspace), we expect the members of the Role of the document to include Roles of the workspace.

But we see Groups. For example:

    {
      "schemas": [
        "urn:ietf:params:scim:schemas:Grist:1.0:Role"
      ],
      "id": "2300",
      "meta": {
        "resourceType": "Role",
        "location": "/api/scim/v2/Roles/2300"
      },
      "displayName": "viewers",
      "members": [
        {
          "value": "336",
          "display": "viewers",
          "$ref": "/api/scim/v2/Groups/336",
          "type": "Group"
        }
      ],
    }

Steps to reproduce

Describe the expected behavior

We should see this list of members instead:

      [
        {
          "value": "336",
          "display": "viewers",
          "$ref": "/api/scim/v2/Roles/336",
          "type": "Role"
        }
      ]

Where have you encountered this bug?

Instance information (when self-hosting only)

No response

Metadata

Metadata

Assignees

Labels

bugSomething isn't workinggouv.fr

Type

No type

Projects

French administration Board

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions