IAM-3058111: Error Creating Or Modifying Users With An Admin Role With 'IN' Condition
(Doc ID 2095903.1)
Last updated on JULY 20, 2021
Applies to: Identity Manager - Version 18.104.22.168.0 to 22.214.171.124.180116 [Release 11g]
Information in this document applies to any platform.
The issue can be reproduced with the following steps:
Steps to create an Admin role:
1. Click on the Administration Role Tile
2. Click 'Create'
3. Enter Name, Display Name, and Description. Then click 'Next'
4. Click 'Add Capabilities'. Select User - View/Search and click 'Add Selected' -> 'Select'. Then click 'Next'
5. Click 'Create Membership Rule'. Add custom UDF 'Job Code'. Select the 'IN' operator and add a few String values
6. For Scope of Control, add some Organizations
7. For Organization, add the same Organizations
8. Click 'Finish'
Here are the steps to add a Member:
1. Click on the Administration Role tab.
2. Click on the newly created Admin Role.
3. Click on the Members tab
4. Click Assign and select any user
5. Then click 'Apply'.
After adding a member, the following error occurs in the log:
After this occurs, the error popup appears every time a user is created or modified. The popup only goes away if the membership rule is deleted -> Apply -> the membership rule is re-added -> Apply.
Changing the admin role afterwards, whether by editing the membership rule or even by manually adding members, causes the issue to reappear.