Description

When adding object permissions to a Role through operations like invite/sharing (e.g., vfolder:assignment creation), the system should automatically update the role's scope bindings to include any cross-scope entities referenced by the new permissions.

Context

According to BEP-1012 RBAC Feature Specification:

Cross-Scope Object Permissions: When a Role bound to Project-A scope includes Object Permissions for entities in Project-B scope, the Project-B scope is automatically added to the Role

Current Behavior

When object permissions are added to a role (e.g., through VFolder sharing):

• Object permissions are correctly added to the target user's "User Owner" System Sourced Role
• However, cross-scope bindings may not be automatically updated

Expected Behavior

When adding object permissions to a role:

1. Add the object permission entries to the role
2. Automatically detect if the object permission references an entity from a different scope
3. Add the entity's scope to the role's scope bindings if not already present
4. Ensure the role can properly resolve permissions across all referenced scopes

JIRA Issue: BA-2947