diff --git a/src/main/java/org/ohdsi/webapi/security/authz/AuthorizationService.java b/src/main/java/org/ohdsi/webapi/security/authz/AuthorizationService.java
index e39e8ec67..efede1788 100644
--- a/src/main/java/org/ohdsi/webapi/security/authz/AuthorizationService.java
+++ b/src/main/java/org/ohdsi/webapi/security/authz/AuthorizationService.java
@@ -78,6 +78,7 @@ public Iterable<User> getUsers() {
    * (SYSTEM, LDAP, …) are left untouched. Per-role failures are logged and
    * swallowed so a single bad row can't break the whole sync.
    */
+  @Transactional
   public void syncOidcRoles(String login, List<String> targetRoleNames) {
     org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(AuthorizationService.class);
     List<String> currentOidcRoleNames;