Admin User Unable to Delete Users from Role (Doc ID 2167532.1)

Last updated on NOVEMBER 02, 2016

Applies to:

Identity Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Admin user manager001 belonging to admin role AdminRole001 with capabilities:

- Grant Role Memberships
- Revoke Role Memberships
- Role Modify
- Role View/Search

is unable to revoke user user001 from role Role001 when he/she also belongs to that role.

If he/she does not belong to role Role001, the revoke executes properly.

The following exception is thrown when the issue reproduces:

[oracle.iam.identity.rolemgmt.utils] [tid: [ACTIVE].ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: manager001] [ecid: 1de68f20db7a8430:-7895ee13:154e88e204f:-8000-0000000000000c0f,0]
[APP: oim#11.1.2.0.0] [DSID: 0000LJdJhx35Mef_TX0Fyc1NHSOh00000X] The operation on Role entity failed in the post-processing stage.[[ oracle.iam.platform.kernel.ValidationFailedException: IAM-3056217:Role was updated
successfully, but not all memberships were updated: An exception occurred while revoking role AdminRole001 from users [user001]:
oracle.iam.identity.exception.AccessDeniedException: IAM-3054101:The logged-in user 7 does not have deleteRoleMemberships permission on Role AdminRole001 entity.:7:deleteRoleMemberships:Role: AdminRole001
:An exception occurred while revoking role AdminRole001 from users [user001]: oracle.iam.identity.exception.AccessDeniedException:
IAM-3054101:The logged-in user 7 does not have deleteRoleMemberships permission on Role AdminRole001 entity.:7:deleteRoleMemberships:Role:AdminRole001
at oracle.iam.identity.utils.Utils.createValidationFailedException(Utils.java:1091)
at oracle.iam.identity.utils.Utils.createValidationFailedException(Utils.java:1074)
at oracle.iam.identity.rolemgmt.utils.RoleManagerUtils.createValidationFailedException(RoleManagerUtils.java:3245) 

 

Note: The capabilities Grant Role Memberships and Revoke Role Memberships are provided by fix 22664253.
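When triaging this symptom across many server log records, it helps to pull out who was denied which permission on which entity. The following is an added example, not Oracle's code: the regular expressions are derived only from the record shown above, and the names parse_record and unique are hypothetical.

```python
import re

# Log record copied from the exception shown on this page (stack frames left out).
SAMPLE = """\
[oracle.iam.identity.rolemgmt.utils] [tid: [ACTIVE].ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: manager001] [ecid: 1de68f20db7a8430:-7895ee13:154e88e204f:-8000-0000000000000c0f,0]
[APP: oim#11.1.2.0.0] [DSID: 0000LJdJhx35Mef_TX0Fyc1NHSOh00000X] The operation on Role entity failed in the post-processing stage.[[ oracle.iam.platform.kernel.ValidationFailedException: IAM-3056217:Role was updated
successfully, but not all memberships were updated: An exception occurred while revoking role AdminRole001 from users [user001]:
oracle.iam.identity.exception.AccessDeniedException: IAM-3054101:The logged-in user 7 does not have deleteRoleMemberships permission on Role AdminRole001 entity.:7:deleteRoleMemberships:Role: AdminRole001
:An exception occurred while revoking role AdminRole001 from users [user001]: oracle.iam.identity.exception.AccessDeniedException:
IAM-3054101:The logged-in user 7 does not have deleteRoleMemberships permission on Role AdminRole001 entity.:7:deleteRoleMemberships:Role:AdminRole001
"""

# Patterns assumed from the wording of the record above.
FIELD = re.compile(r"\[(userId|ecid): ([^\]]+)\]")
DENIAL = re.compile(r"IAM-3054101:The logged-in user (\S+) does not have (\w+) "
                    r"permission on (\w+) (\S+) entity\.")
REVOKE = re.compile(r"while revoking role (\S+) from users \[([^\]]*)\]")


def unique(items):
    """Drop repeats but keep first-seen order (the message is logged twice)."""
    return list(dict.fromkeys(items))


def parse_record(text):
    """Summarise who was denied which permission on which entity."""
    flat = " ".join(text.split())  # undo line wrapping inside the record
    fields = dict(FIELD.findall(flat))
    return {
        "login": fields.get("userId"),
        # The ecid field carries a ",<n>" suffix; keep only the context id.
        "ecid": fields.get("ecid", "").split(",")[0] or None,
        # (user key, permission, entity type, entity name)
        "denials": unique(DENIAL.findall(flat)),
        # (role, users the revoke was attempted for)
        "revocations": unique((role, tuple(u.strip() for u in users.split(",")))
                              for role, users in REVOKE.findall(flat)),
    }


if __name__ == "__main__":
    print(parse_record(SAMPLE))
```

The summary puts the login (manager001), the internal user key in the denial (7), the missing permission and the role named in the permission check side by side, which is what needs comparing against the admin role's assigned capabilities.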

 

Cause
