Current
Currently, when a user is on the role assignment page, they can see and select from all system roles globally, even if those roles belong to domains they do not manage.
Expected
The roles available for assignment must be restricted according to the current user's scope and permissions:
Single Scope: If a user only has a role that allows them to manage Library Teams, they should only be able to see and assign library-related roles.
Multiple Scopes: If a user has management permissions for both Libraries and Courses, they should be able to see and assign roles from both domains.
US
As a user assigning roles to others,
I want to see only the roles that fall within my own domain permissions,
So that I cannot grant access or manage roles outside of my authorized scope.
Current
Currently, when a user is on the role assignment page, they can see and select from all system roles globally, even if those roles belong to domains they do not manage.
Expected
The roles available for assignment must be restricted according to the current user's scope and permissions:
Single Scope: If a user only has a role that allows them to manage Library Teams, they should only be able to see and assign library-related roles.
Multiple Scopes: If a user has management permissions for both Libraries and Courses, they should be able to see and assign roles from both domains.
US
As a user assigning roles to others,
I want to see only the roles that fall within my own domain permissions,
So that I cannot grant access or manage roles outside of my authorized scope.