Pivotal story: https://www.pivotaltracker.com/story/show/131568585

Right now we really only have the concept of "current group" while we store multiple groups in the database, they are not visible in the UI. Another problem in how we support multiple groups, is that it's possible for a user to have a group relationsip that is not shown in the UI b/c it's not their current group. So you try to delete a group, but you can't because of the group relationship. But you also can't see what users are in what groups, so you can't delete the user to delete the group. Related Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1437682 - 5.8.0.12-rc1  This is probably really a new RFE, but it's related.

PR: https://github.com/ManageIQ/manageiq/pull/15041

Verified on 5.9.0.2 with external auth - FreeIPA. With and without external groups.

Assigning this back to Development.

So if a user has 2 groups and the group that you are deleting is the user's current group. Logins for that user are broken till an administrator manually fixes that user's groups. The user is still a member of at least 1 group, but can't log in b/c they have no current group. This obviously doesn't scale for administrators if the group contains multiple users.  Also the administrator will expect that they shouldn't have to do this if they are using external ldap groups.