OrchardCMS · MikeAlhayek · Nov 25, 2024 · Nov 5, 2024 · Nov 6, 2024 · Nov 21, 2024
diff --git a/src/OrchardCore/OrchardCore.Users.Core/CommonPermissions.cs b/src/OrchardCore/OrchardCore.Users.Core/CommonPermissions.cs
@@ -21,7 +21,7 @@ public static class CommonPermissions
 
     public static readonly Permission ListUsers = new("ListUsers", "List all users", [EditUsers, DeleteUsers]);
 
-    public static readonly Permission AssignRoleToUsers = new("AssignRoleToUsers", "Assign any role to users", [EditUsers], true);
+    public static readonly Permission AssignRoleToUsers = new("AssignRoleToUsers", "Assign any role to users", true);
 
     public static readonly Permission DisableTwoFactorAuthenticationForUsers = new("DisableTwoFactorAuthenticationForUsers", "Disable two-factor authentication for any user", [ManageUsers], true);
 

diff --git a/src/docs/releases/3.0.0.md b/src/docs/releases/3.0.0.md
@@ -48,3 +48,7 @@ The following obsolete settings were removed from `LoginSettings` class
 #### Login View Update
 
 The `ExternalLogin` action has been removed from the `Account` controller. If you are using a custom `Login.cshtml` view or `Login` template, please update the external login form action. As of this update, the `ExternalLogin` action has been relocated to the `ExternalAuthentications` controller.
+
+#### AssignRoleToUsers Permission Update
+
+The `AssignRoleToUsers` permission is no longer implicitly granted by `EditUsers`. To maintain the same behavior, make sure to explicitly assign the `AssignRoleToUsers` permission to any role that already has the `EditUsers` permission.