We are using jasperserver-pro, and have SSO integreted.
By default, all the SSO user login as ROLE_USER, and go to XXX orgranization.
<property name="defaultOrganization" value="XXX" />
When a SSO user login named "Jack", he only has ROLE_USER, then we created another role under XXX organization called DEMO_USER.
Here is the problem, when we assgin ROLE_ADMINISTRATOR and DEMO_USER to him, at that point of time, he has both role and he is able to manage user.
But when he logout and login, the role ROLE_ADMINISTRATOR is gone, DEMO_USER is still there.
You cannot assign roles through the Jasper interface and have them stick for external users. The only roles a user can keep are ones generated through the external authentication process. You need to set up assignment of admin roles in your application context file.