IAM-3058111: Error Creating Or Modifying Users With An Admin Role With 'IN' Condition (Doc ID 2095903.1)

Last updated on NOVEMBER 01, 2022

Applies to:

Symptoms

The issue can be reproduced with the following steps:

Steps to create an Admin role:

1. Click on the Administration Role Tile
2. Click 'Create'
3. Enter Name, Display Name, and Description. Then click 'Next'
4. Click 'Add Capabilities'. Select User - View/Search and click 'Add Selected' -> 'Select'. Then click 'Next'
5. Click 'Create Membership Rule'. Add custom UDF 'Job Code'. Select the 'IN' operator and add  a few String values
6. For Scope of Control, add some Organizations 
7. For Organization, add the same Organizations
8. Click 'Finish'


Here are the steps to add a Member:

1. Click on the Administration Role tab.
2. Click on the newly created Admin Role.
3. Click on the Members tab
4. Click Assign and select any user
5. Then Click apply.

After adding a member, the following error occurs in the log:

After this occurs, the popup error occurs every time a user is created or modified. The popup will only go away if the membership rule is deleted-> Apply -> re-add the membership rule -> Apply

By changing the admin role, both editing the membership rule and even manually adding members causes the issue to reappear.

Cause