From 6ebd81e1a0668bf135ede08c17a9c745dac5069b Mon Sep 17 00:00:00 2001
From: Peter Hoffmann <954078+p-hoffmann@users.noreply.github.com>
Date: Tue, 19 May 2026 08:58:57 +0800
Subject: [PATCH] fix: make syncOidcRoles @Transactional

---
 .../org/ohdsi/webapi/security/authz/AuthorizationService.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/org/ohdsi/webapi/security/authz/AuthorizationService.java b/src/main/java/org/ohdsi/webapi/security/authz/AuthorizationService.java
index e39e8ec67..efede1788 100644
--- a/src/main/java/org/ohdsi/webapi/security/authz/AuthorizationService.java
+++ b/src/main/java/org/ohdsi/webapi/security/authz/AuthorizationService.java
@@ -78,6 +78,7 @@ public Iterable<User> getUsers() {
    * (SYSTEM, LDAP, …) are left untouched. Per-role failures are logged and
    * swallowed so a single bad row can't break the whole sync.
    */
+  @Transactional
   public void syncOidcRoles(String login, List<String> targetRoleNames) {
     org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(AuthorizationService.class);
     List<String> currentOidcRoleNames;