Have noticed a couple of strange things in the portal rest api responses that don't seem to make sense.
No matter what role I assign a user, the 'role' attribute remains as 'org_user', yet the 'roleId' changes. I've had to record this roleId (which is a random text string) to use within apps to check the user's role, which is a pain of course because deleting and recreating a role creates a new roleId.
The 'privileges' attribute is weird - I created a role based on standard user and unticked everything except 'Content - Create, update and delete'. The privileges attributes for some reason had premium demographics in it.
I have another role with the same ticked, and also 'Groups - Join organizational groups'. The privileges for that role report as:
I'm a bit confused as to how these privileges get this way as the tick boxes don't seem to update the privileges correctly all the time. I played around with ticking and unticking the permissions in Portal and managed to get different results in the rest API with the exact same boxes ticked. Maybe it depends on the role/template the role was based on when it was created?
Would be interested if anyone else sees similar issues or can explain it a bit more. I am currently using Portal 10.4.1 federated with ArcGIS Server 10.4.1.