Group sync in combination with local assigned roles #3346

New Issue

Closed

opened 2026-02-05 06:25:56 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-05 06:25:56 +03:00

Owner

Copy Link

Originally created by @jacac on GitHub (Nov 17, 2022).

Describe the feature you'd like

Allow group sync OIDC_REMOVE_FROM_GROUPS=true or LDAP_REMOVE_FROM_GROUPS=true to be used in combination with locally assigned roles. Basically OIDC or LDAP would only remove roles they assigned themselves.

Describe the benefits this would bring to existing BookStack users

We have about 8 roles which covers about 400 users managed through OIDC. We also have 40+ roles which are managed in Bookstack directly. Enabling the sync role requires us to replicate those 40 roles and all new roles in OIDC. Setting sync to false means that I need to monitor all 400 users if any of them need their role changed.

Can the goal of this request already be achieved via other means?

If all roles are replicated externally and managed this way.

Have you searched for an existing open/closed issue?

• I have searched for existing issues and none cover my fundemental request

How long have you been using BookStack?

1 to 5 years

Additional context

Add another column in role_user like internal with a boolean value. Depending on that the roles get synced from external authentication providers.

Originally created by @jacac on GitHub (Nov 17, 2022). ### Describe the feature you'd like Allow group sync `OIDC_REMOVE_FROM_GROUPS=true` or `LDAP_REMOVE_FROM_GROUPS=true` to be used in combination with locally assigned roles. Basically OIDC or LDAP would only remove roles they assigned themselves. ### Describe the benefits this would bring to existing BookStack users We have about 8 roles which covers about 400 users managed through OIDC. We also have 40+ roles which are managed in Bookstack directly. Enabling the sync role requires us to replicate those 40 roles and all new roles in OIDC. Setting sync to false means that I need to monitor all 400 users if any of them need their role changed. ### Can the goal of this request already be achieved via other means? If all roles are replicated externally and managed this way. ### Have you searched for an existing open/closed issue? - [X] I have searched for existing issues and none cover my fundemental request ### How long have you been using BookStack? 1 to 5 years ### Additional context Add another column in `role_user` like `internal` with a boolean value. Depending on that the roles get synced from external authentication providers.

OVERLORD added the 🔨 Feature Request label 2026-02-05 06:25:56 +03:00

OVERLORD closed this issue 2026-02-05 06:26:02 +03:00

OVERLORD commented 2026-02-05 06:26:06 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Nov 17, 2022):

Thanks for the request @jacac.

From my perspective, this would be adding of complexity and configurability for minor-level configuration options for something that's quite use-case specific and without significant demand need, so it's not something I'd be keen to add.

As an alternative though, maybe there's an additional event point we could add to our logical theme system so custom logic could be applied to the group sync so this kind of thing could be added as instance-specific custom logic if desired.

@ssddanbrown commented on GitHub (Nov 17, 2022): Thanks for the request @jacac. From my perspective, this would be adding of complexity and configurability for minor-level configuration options for something that's quite use-case specific and without significant demand need, so it's not something I'd be keen to add. As an alternative though, maybe there's an additional event point we could add to our [logical theme system](https://github.com/BookStackApp/BookStack/blob/development/dev/docs/logical-theme-system.md) so custom logic could be applied to the group sync so this kind of thing could be added as instance-specific custom logic if desired.

OVERLORD commented 2026-02-05 06:26:10 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Dec 12, 2022):

Since there's been no follow-up to the above, and since this is not something I'd look to support in the core by default, I'm going to go ahead and close this off.

@ssddanbrown commented on GitHub (Dec 12, 2022): Since there's been no follow-up to the above, and since this is not something I'd look to support in the core by default, I'm going to go ahead and close this off.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🔨 Feature Request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#3346