From fbeef3e75f30b39e76eeb64a92e66d8854f4f8ef Mon Sep 17 00:00:00 2001
From: Bill Burke <bburke@redhat.com>
Date: Thu, 10 Aug 2017 09:25:44 -0400
Subject: [PATCH 1/2] manageMembership not deleted

---
 .../resources/admin/permissions/GroupPermissions.java         | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
index 722ea1c7a7..ea70a05a36 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
@@ -188,6 +188,10 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
         if (manageMembersPermission == null) {
             authz.getStoreFactory().getPolicyStore().delete(viewMembersPermission.getId());
         }
+        Policy manageMembershipPermission = manageMembershipPermission(group);
+        if (manageMembershipPermission != null) {
+            authz.getStoreFactory().getPolicyStore().delete(manageMembershipPermission.getId());
+        }
         Resource resource = groupResource(group);
         if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
     }

From 41cdd9db7091f1617fe85aaacdc85c8f2854a7bb Mon Sep 17 00:00:00 2001
From: Bill Burke <bburke@redhat.com>
Date: Thu, 10 Aug 2017 09:36:45 -0400
Subject: [PATCH 2/2] KEYCLOAK-5268

---
 .../services/resources/admin/permissions/GroupPermissions.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
index ea70a05a36..b20d4626df 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
@@ -185,7 +185,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
             authz.getStoreFactory().getPolicyStore().delete(manageMembersPermission.getId());
         }
         Policy viewMembersPermission = viewMembersPermission(group);
-        if (manageMembersPermission == null) {
+        if (viewMembersPermission == null) {
             authz.getStoreFactory().getPolicyStore().delete(viewMembersPermission.getId());
         }
         Policy manageMembershipPermission = manageMembershipPermission(group);