The User Directory indicates that a user has been assigned a specific role. However, when making an authorisation API call, the audit log shows that the user has no roles assigned. This inconsistency creates confusion and impacts role-based access control decisions.