My Oracle Support Banner

Unable To Delete Group From Application Role In OBIEE : Error: Cannot remove principal from application role; principal "LAC_BI_CUST_CONT_GEN" is not member of application role "LAC_BI_CUST_CONT_GEN" (Doc ID 2319363.1)

Last updated on AUGUST 15, 2019

Applies to:

Business Intelligence Server Enterprise Edition - Version to [Release 11g to 12g]
Information in this document applies to any platform.


Cannot remove principal from application role.

After changing external LDAP provider configurations from Microsoft Active Directory providers to OID provider, not able to delete the groups but adding of groups works.

For example, new application role (ABC) is created and trying to map to the LDAP group (ABC, coming from OID), the group gets added successfully, however, unable to remove or revoke this new group membership from the application role (ABC).

Following are the steps taken and the error message.

Logged into FMW EM console > Business Intelligence > coreapplication (right click) > Security > Application Roles > Create > ABC > Click on + > Search for Group called ABC and click OK. This added the group ABC to application role ABC.

Now try to remove LDAP group ABC from application role ABC. Edit ABC role > select ABC > Delete > Click Ok.


Error :-


Image 1:-


Image 2 :-




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.