diff --git a/server/src/modules/auth/util.service.ts b/server/src/modules/auth/util.service.ts
index ae0e541eb8..41d11c6bf9 100644
--- a/server/src/modules/auth/util.service.ts
+++ b/server/src/modules/auth/util.service.ts
@@ -348,7 +348,7 @@ export class AuthUtilService implements IAuthUtilService {
 
       // IF current role is empty -> user not exist
       // IF new role not equals current one
-      if (!currentRole || newRole !== currentRole) {
+      if (!currentRole || (newRole !== currentRole && groups.length > 0)) {
         await this.roleUtilService.editDefaultGroupUserRole(
           organizationId,
           { newRole, userId, currentRole: currentRoleObj },
diff --git a/server/src/modules/data-sources/ability/index.ts b/server/src/modules/data-sources/ability/index.ts
index a256bffabf..d3d09cabfa 100644
--- a/server/src/modules/data-sources/ability/index.ts
+++ b/server/src/modules/data-sources/ability/index.ts
@@ -41,7 +41,6 @@ export class FeatureAbilityFactory extends AbilityFactory<FEATURE_KEY, Subjects>
     if (isBuilder) {
       // Only builder can do scope change, Get call is there on app builder
       can(FEATURE_KEY.SCOPE_CHANGE, DataSource);
-      can(FEATURE_KEY.GET, DataSource);
       can(FEATURE_KEY.GET_FOR_APP, DataSource);
     }
 
@@ -100,7 +99,7 @@ export class FeatureAbilityFactory extends AbilityFactory<FEATURE_KEY, Subjects>
     }
 
     if (isAllViewable) {
-      can([FEATURE_KEY.GET, FEATURE_KEY.GET_BY_ENVIRONMENT], DataSource);
+      can([FEATURE_KEY.GET_BY_ENVIRONMENT], DataSource);
       return;
     }
     if (