IAM-3058111: Error Creating Or Modifying Users Tied To An Admin Role With 'IN' Condition

(Doc ID 2095903.1)

Last updated on JUNE 25, 2017

Applies to:

Identity Manager - Version 11.1.2.3.1 and later
Information in this document applies to any platform.

Symptoms

The issue can be reproduced with the following steps:

Steps to create an Admin role:


1. Click on the Administration Role Tile
2. Click 'Create'
3. Enter Name, Display Name, and Description. Then click 'Next'
4. Click 'Add Capabilities'. Select User - View/Search and click 'Add Selected' -> 'Select'. Then click 'Next'
5. Click 'Create Membership Rule'. Add custom UDF 'Job Code'. Select the 'IN' operator and add a few String values
6. For Scope of Control, add some Organizations
7. For Organization, add the same Organizations
8. Click 'Finish'


Here are the steps to add a Member:


1. Click on the Administration Role tab.
2. Click on the newly created Admin Role.
3. Click on the Members tab
4. Click Assign and select any user
5. Then click Apply.

After adding a member, the following error occurs in the log:

Once this happens, the error popup appears every time a user is created or modified. The popup only goes away after this sequence: delete the membership rule -> Apply -> re-add the membership rule -> Apply.

Any later change to the admin role, whether editing the membership rule or even manually adding members, causes the issue to reappear.



Cause
