My Oracle Support Banner

"AccessDeniedException: IAM-3054101" Error: User With Admin Role Having Role Related Capbility Is Unable to Add Self to A Role (Doc ID 2167488.1)

Last updated on OCTOBER 11, 2020

Applies to:

Identity Manager - Version to [Release 11g]
Information in this document applies to any platform.


User <ADMINUSER> belongs to an Admin Role<ADMINROLE> with capabilities:

. Grant Role Memberships

. Revoke Role Memberships

. Role Modify

. Role View/Search

<ADMINUSER> is able to add other users to some OIM Role <OIMROLE> but they cannot add themselves to the role.

If they try to add themselves to the role the following exception is thrown:

 Note: capabilities Grant Role Memberships and Revoke Role Memberships are provided by fix 22664253, which was included in the OIM Bundle Patches starting with


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.