Gaia, 14mo ago

Why can't a user with the ORG_USER_SELF_MANAGER role delete itself?

We want to implement functionality for users to delete themselves from ZITADEL in a certain scenario. Based on another message here https://discord.com/channels/927474939156643850/1267470643604230185/1267480820311134260, the user needs to have the role ORG_USER_SELF_MANAGER and use the "Delete my user" API (https://zitadel.com/docs/apis/resources/auth/auth-service-remove-my-user). I already implemented an action (https://zitadel.com/docs/guides/manage/customize/behavior) on external and internal authentication in post creation for adding that role under the project that is being used (the only project under the org). I also verified that I can see the role for the user in the UI (see screenshot attached). However, when calling the endpoint using the access token of the user, I get the following response:
```json
{
  "code": 5,
  "message": "membership not found (AUTHZ-cdgFk)",
  "details": [
    {
      "@type": "type.googleapis.com/zitadel.v1.ErrorDetail",
      "id": "AUTHZ-cdgFk",
      "message": "membership not found"
    }
  ]
}
```
It makes sense as the user has no memberships, but as I understand that is for manager roles, and the user already has the correct role.
fabienne, 14mo ago
It looks like you added that role name to your own project. The ORG_USER_SELF_MANAGER is a ZITADEL internal role, which has to be added to the user in the manager roles.
fabienne, 14mo ago
You can find more about the managers here: https://zitadel.com/docs/guides/manage/console/managers
Gaia (OP), 14mo ago
Ohhh I see. Interesting that the role is not listed there. Is there a way to add that role to the user in the manager roles via a Zitadel action? I've searched the examples of actions here https://zitadel.com/docs/apis/actions/code-examples but couldn't find anything for adding manager roles.
Gaia (OP), 14mo ago
Also, I would like to understand: is this the right approach to be able to use that endpoint for deleting my own user? To test this for now I added the role manually, but I can see that now the user appears as a self manager in this image. If, let's say, I create 2000 users in my org, will all those 2000 appear in there as self managers?
fabienne, 14mo ago
You can add the role through the UI in the organization managers tab:
fabienne, 14mo ago
And yes, they will all be listed there.
Gaia (OP), 14mo ago
Not what I'm looking for (these users are created automatically when signing up, so I needed to assign them the role dynamically, like in an action), but thanks for answering.
