IAM-3058111: Error Creating Or Modifying Users Tied To An Admin Role With 'IN' Condition
Last updated on JUNE 25, 2017
Applies to: Identity Manager - Version 22.214.171.124.1 and later
Information in this document applies to any platform.
The issue can be reproduced with the following steps:
Steps to create an Admin role:
1. Click on the Administration Role Tile
2. Click 'Create'
3. Enter Name, Display Name, and Description. Then click 'Next'
4. Click 'Add Capabilities'. Select User - View/Search and click 'Add Selected' -> 'Select'. Then click 'Next'
5. Click 'Create Membership Rule'. Add custom UDF 'Job Code'. Select the 'IN' operator and add a few String values
6. For Scope of Control, add some Organizations
7. For Organization, add the same Organizations
8. Click 'Finish'
Here are the steps to add a Member:
1. Click on the Administration Role tab.
2. Click on the newly created Admin Role.
3. Click on the Members tab
4. Click Assign and select any user
5. Then click 'Apply'.
After adding a member, the following error occurs in the log:
Once this happens, the error popup appears every time a user is created or modified. The popup goes away only after this sequence: delete the membership rule -> Apply -> re-add the membership rule -> Apply.
Changing the admin role, whether by editing the membership rule or even by manually adding members, causes the issue to reappear.