Description
Ranger usersync is configured to use AD/LDAP as sync source with incremental sync option enabled and "ranger.usersync.group.based.role.assignment.rules" with value ""&ROLE_SYS_ADMIN:g:<group_name>".
In this case, even after removing a user from an ADMIN privilege group, ranger UI still shows an admin role for that user.