Enhance “Get User(s)” API to Return Inherited (Group‑Mapped) Roles
End-user Management 

Background & Current Behavior
 
On OutSystems 11, we were able to query an aggregate view of Users and their Roles and/or Groups (both directly assigned roles and those inherited via group membership) in a single transaction.

In ODC, many of the system entities are obsolete, including Role. To replicate some of our page, we must now use the newly introduced User Access Management APIs.
Get /users had been promising. It can return the list of users based on the parameters provided. It could have been the best alternative if, when passing "assetKey" (application id), it could return the users with the roles for that application. However, while it does return the users with directly assigned end-user roles, it omitted users whose end-user roles were only inherited from a group.

To work around this limitation, we must now:

  1. Call Get User Groups for each user

  2. For each group, call Get Group Roles

  3. Merge and dedupe results in-memory

This multi‐step approach leads to an exponential number of calls when you have many users and groups, causing unacceptable latency and resource consumption.

Why This Matters

  • Performance Degradation

    • N users × O groups per user + P roles per group

    • Dramatic increase in response times and network traffic

  • Increased Complexity & Maintenance

    • Custom merging logic

    • Higher risk of bugs, especially around pagination, retries, and deduplication

Business Impact 

Current workaround severely degrades performance 

Enhancement & Expected Behavior 

Extend the Get /users endpoint so it returns each user’s full set of roles, direct and inherited, in one call. We can also add backward compatibility by adding a new parameter such as "includeInherited" to identify whether to continue to return only directly assigned roles.

This idea is no longer valid; even the workaround won’t hold up. External IdP's inherited end-user roles are volatile and can change at any time, since they're re-evaluated with each login based on the latest claims from the IdP. This means the user's role depends on their most recent session context.

Changed the category to
End-user Management
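
The workaround from steps 1 to 3 of the post, as an added example (not from the original post and not OutSystems code): it merges direct and group-inherited roles and fetches each distinct group's roles only once. The fetcher callables, dictionary keys and sample data are assumptions rather than the real ODC API signatures, and, per the follow-up comment, the result is only a point-in-time snapshot when roles are mapped from an external IdP.

```python
from typing import Callable, Dict, Iterable, Mapping, Set

# Hypothetical fetchers, each wrapping one User Access Management API call.
# Names, signatures and return shapes are assumptions for this sketch; each
# is expected to return a complete (already paginated) list.
UserGroupsFn = Callable[[str], Iterable[str]]   # user id -> group ids
GroupRolesFn = Callable[[str], Iterable[str]]   # group id -> role keys


def effective_roles(direct: Mapping[str, Iterable[str]],
                    user_groups: UserGroupsFn,
                    group_roles: GroupRolesFn) -> Dict[str, Dict[str, Set[str]]]:
    """Merge direct roles (as returned by Get /users) with group-inherited ones.

    Group roles are cached per group id, so the lookup count is the number of
    distinct groups rather than the number of user-group pairs.
    """
    cache: Dict[str, frozenset] = {}
    result: Dict[str, Dict[str, Set[str]]] = {}
    for uid, roles in direct.items():
        own = set(roles)
        inherited: Set[str] = set()
        for gid in set(user_groups(uid)):          # dedupe repeated memberships
            if gid not in cache:
                cache[gid] = frozenset(group_roles(gid))
            inherited |= cache[gid]
        result[uid] = {
            "direct": own,
            "inherited_only": inherited - own,     # visible only via a group
            "effective": own | inherited,
        }
    return result


def demo():
    # Constructed sample data standing in for API responses.
    direct = {"alice": ["Viewer"], "bob": [], "carol": ["Admin"]}
    groups = {"alice": ["g-ops"], "bob": ["g-ops", "g-audit"], "carol": []}
    roles = {"g-ops": ["Operator", "Viewer"], "g-audit": ["Auditor"]}
    calls = {"group_roles": 0}

    def group_roles(gid: str):
        calls["group_roles"] += 1                  # count simulated API calls
        return roles[gid]

    return effective_roles(direct, groups.__getitem__, group_roles), calls["group_roles"]


if __name__ == "__main__":
    merged, lookups = demo()
    print(merged, "group role lookups:", lookups)
```

In the sample, bob has no direct roles, so a direct-only listing would show him with no roles even though he inherits three through his groups.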