The deployment profile has been configured to exclude logins and users, but it looks like the change script being generated still includes logins and users for database level permissions like CONNECT or VIEW DEFINITION. The database projects has recently been updated to include permissions for various stored procedures, tables, views, and similar objects associated with database roles, so permissions are not ignored as part of the deployment profile.
I assumed that since users and logins were excluded as part of the deployment profile, that it would be excluded as part of the change script. That does not seem to be the case. It appears that if you include permissions as part of the deployment profile, it takes precedence over the exclusion of users and logins.
This scenario presented itself when I extracted a dacpac from one of our databases where the property was set to include permissions. When generating a change script from that dacpac with a different database target, the change script attempted to add users that do not exist for that instance.
Examples of the scripts used:
sqlpackage.exe /Action:Extract /p:IgnorePermissions=false /SourceConnectionString:"<My Source Connection String>" /TargetFile:"<My Source DACPAC>"
sqlpackage.exe /Action:script /Profile:"<My Deployment File>" /SourceFile:"<My Source DACPAC>" /TargetConnectionString:"<My Target Connection String" /OutputPath:"<My Change Script>"