OIM 11gR2PS3: OIM 'Role Authorizer' Is Unable To Add/Remove Role Memberships (Doc ID 2095972.1)

Last updated on JUNE 25, 2017

Applies to:

Identity Manager - Version 11.1.2.3.4 and later
Information in this document applies to any platform.

Symptoms

OIM 'Role Authorizer' is unable to add/remove role memberships.

Scenario: Have a user who has been assigned the "Role Authorizer" admin role for a specific organization, so expecting that with this role, the user will be able to assign or revoke role memberships for other users. That is, login to the self service console, manage --> roles --> look for a role --> members tab --> assign a member to the role.
However the UI does not allow this with a banner at the top saying: "View only mode:You do not have appropriate permissions to edit this page."


EXPECTED BEHAVIOR
-----------------------
According to the docs, someone with the "Role Authorizer" role should be able to grant roles to others as a direct operation. See:
http://docs.oracle.com/cd/E27559_01/user.1112/e27151/org_mangmnt.htm#CHDDAAGE

This is a 11gR2 PS2 document and could not find a PS3 specific version of "Users Guide for Oracle Identity Manager". There is a "Oracle® Fusion Middleware Performing Self Service Tasks with Oracle Identity Manager" (see: https://docs.oracle.com/cd/E52734_01/oim/OMUSG/toc.htm) which does not mention at all what are the capabilities that one would expect if you had the Role Authorizer role for a specific organization

Why is a role authorizer unable to assign role memberships in OIM 11.1.2.3.X?

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms