
Admin Role Capabilities Were Not Refreshed On User Organization Change (Doc ID 2213424.1)

Last updated on MARCH 14, 2019

Applies to:

Identity Manager - Version 11.1.2.3.0 to 11.1.2.3.170418 [Release 11g]
Information in this document applies to any platform.

Symptoms

Admin role capabilities are not refreshed when a user's organization changes.

Steps to reproduce:

1. Create an organization "Oracle" and set its parent organization to Top.
2. Create three other organizations, "Accounting", "Infosec" and "Unclaimed", of type department, and set "Oracle" (created in step 1) as the parent organization of all three.
3. Create an admin role "User Admin Role" with the "User-Modify" and "User-View/Search" capabilities and scope it to the organization "Oracle".
4. Create two users, "UserX" in organization "Accounting" and "UserY" in organization "Infosec", and grant each the User Administrator admin role for their respective organization.
5. Also assign the "User Admin Role" of the "Unclaimed" organization to "UserX" and "UserY".
6. Log in as "UserX" and create a user "UserA" in the "Accounting" organization. Once created, change the organization of "UserA" to "Unclaimed".
7. Log in as "UserY" and select "UserA". Only four tabs are displayed for UserA: "Attribute, Roles, Direct Reports, Admin Roles". This is because the user has only the "User-Modify and User-View/Search" admin role. Now change the organization of "UserA" to "Infosec". Since "UserY" has the User Administrator role, he should see all the other tabs, such as Account, Entitlement and Admin Roles, but he is unable to see them. Closing and reopening the tab does not resolve the issue.

However, if "UserY" logs out and logs in again, he is able to see the Account, Entitlement and Admin Roles tabs. So although UserA's organization has been changed to Infosec, not all tabs are visible until "UserY", who holds the User Administrator role, logs out and logs in again.

Technically, UserY's security context is valid to view the user details, but it does not allow the changes to be reflected in the current session.

NOTE: In the above scenario, the User, Organization and Admin Role details represent a fictitious example. Any similarity to actual persons or organizations is purely coincidental and not intended in any manner.
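
A minimal model of the behaviour in step 7, added here as an illustration; it is not Oracle Identity Manager code. The per-session cache is an assumption made only to reproduce the symptom (the cause is not given on this page), and the class and function names and the capability set of the User Administrator role are placeholders.

```python
# Illustrative model only; not Oracle Identity Manager code.
ROLE_CAPS = {
    # Capabilities named in step 3 of the note.
    "User Admin Role": {"User-Modify", "User-View/Search"},
    # The note does not list this role's capabilities; placeholder value.
    "User Administrator": {"<all user administration capabilities>"},
}

class Directory:
    """Users' home organizations and admin-role grants (role, organization)."""
    def __init__(self):
        self.org_of = {}
        self.grants = {}

    def capabilities(self, admin, target):
        """Authoritative answer: what may `admin` do to `target` right now?"""
        org = self.org_of[target]
        caps = set()
        for role, scope in self.grants.get(admin, ()):
            if scope == org:
                caps |= ROLE_CAPS[role]
        return caps

class Session:
    """Assumed behaviour: the first decision per target is kept until logout."""
    def __init__(self, directory, admin):
        self.directory, self.admin, self._cache = directory, admin, {}

    def cached_capabilities(self, target):
        if target not in self._cache:
            self._cache[target] = self.directory.capabilities(self.admin, target)
        return self._cache[target]

    def fresh_capabilities(self, target):
        # Re-evaluate against the target's current organization on every call.
        return self.directory.capabilities(self.admin, target)

def reproduce():
    d = Directory()
    d.grants["UserY"] = [("User Administrator", "Infosec"),
                         ("User Admin Role", "Unclaimed")]
    d.org_of["UserA"] = "Unclaimed"           # state after step 6
    s = Session(d, "UserY")
    before = s.cached_capabilities("UserA")   # step 7: limited tabs
    d.org_of["UserA"] = "Infosec"             # step 7: organization modified
    stale = s.cached_capabilities("UserA")    # same session: unchanged
    fresh = s.fresh_capabilities("UserA")     # re-evaluated per request
    relogin = Session(d, "UserY").cached_capabilities("UserA")  # logout/login
    return before, stale, fresh, relogin
```

In this model the same-session result stays at the "User Admin Role" capabilities after the organization change, while a per-request evaluation or a new session returns the User Administrator capabilities, matching what the note reports.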

 

Cause
