The constraint wizard generates a wrong constraint validation for the Role type using Groovy script:
For example to add a constraint to allow an access group to create any role having any type different than Super, the constraint wizard generates the following:
{E}.type != value(com.haulmont.cuba.security.entity.RoleType.class, 'SUPER')
This constraint does not work because it should be as follow:
{E}.type != com.haulmont.cuba.security.entity.RoleType.SUPER
Regards