diff --git a/rbac/engine/classes/model/RbacUsers.php b/rbac/engine/classes/model/RbacUsers.php
index 3a9c44b85..8160a2714 100755
--- a/rbac/engine/classes/model/RbacUsers.php
+++ b/rbac/engine/classes/model/RbacUsers.php
@@ -59,6 +59,7 @@ class RbacUsers extends BaseRbacUsers
      *  -2: password errado
      *  -3: usuario inactivo
      *  -4: usuario vencido
+     *  -6: role inactivo
      *  n : uid de usuario
      */
     public function verifyLogin($sUsername, $sPassword)
@@ -89,6 +90,10 @@ class RbacUsers extends BaseRbacUsers
                         if ($aFields['USR_STATUS'] != 1) {
                             return -3;
                         }
+                        $role = $this->verifyRolUser($aFields['USR_UID']);
+                        if ($role['ROL_STATUS'] == 0) {
+                            return -6;
+                        }
                         return $aFields['USR_UID'];
                     } else {
                         return -2;
@@ -293,6 +298,28 @@ class RbacUsers extends BaseRbacUsers
         }
         return $aUsers;
     }
+
+    public function verifyRolUser($UsrUid)
+    {
+        $con = Propel::getConnection(UsersRolesPeer::DATABASE_NAME);
+        try {
+            $c = new Criteria( 'rbac' );
+            $c->clearSelectColumns();
+            $c->addSelectColumn ( RolesPeer::ROL_UID );
+            $c->addSelectColumn ( RolesPeer::ROL_CODE );
+            $c->addSelectColumn ( RolesPeer::ROL_STATUS );
+            $c->addJoin ( UsersRolesPeer::ROL_UID, RolesPeer::ROL_UID );
+            $c->add ( UsersRolesPeer::USR_UID, $UsrUid );
+            $rs = UsersRolesPeer::doSelectRs( $c );
+            $rs->setFetchmode (ResultSet::FETCHMODE_ASSOC);
+            $rs->next();
+            $row = $rs->getRow();
+            return $row;
+        }
+        catch (Exception $oError) {
+          throw($oError);
+        }
+    }
 }
 
 // Users
diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php
index 585760fa2..04e9138fb 100755
--- a/workflow/engine/methods/login/authentication.php
+++ b/workflow/engine/methods/login/authentication.php
@@ -81,6 +81,9 @@ try {
             case -5:
                 $errLabel = 'ID_AUTHENTICATION_SOURCE_INVALID';
                 break;
+            case -6:
+                $errLabel = 'ID_ROLE_INACTIVE';
+                break;
         }
 
         //to avoid empty string in user field.  This will avoid a weird message "this row doesn't exist"
diff --git a/workflow/engine/methods/users/usersAjax.php b/workflow/engine/methods/users/usersAjax.php
index 1210f616c..954343b0f 100755
--- a/workflow/engine/methods/users/usersAjax.php
+++ b/workflow/engine/methods/users/usersAjax.php
@@ -160,7 +160,7 @@ switch ($_POST['action']) {
                 $aData['USR_AUTH_USER_DN'] = $form['USR_AUTH_USER_DN'];
                 //fixing bug in inactive user when the admin create a new user.
                 $statusWF = $form['USR_STATUS'];
-                $aData['USR_STATUS'] = $form['USR_STATUS'] == 'ACTIVE' ? 1 : 0;
+                $aData['USR_STATUS'] = $form['USR_STATUS'] ;//== 'ACTIVE' ? 1 : 0;
                 try {
                     $sUserUID = $RBAC->createUser($aData, $form['USR_ROLE']);
                 } catch(Exception $oError) {