Last updated on JUNE 27, 2017
Applies to:Identity Manager - Version 220.127.116.11.5 and later
Information in this document applies to any platform.
Admin role capabilities are not refreshed on change of user's organization.
Steps to reproduce:
1.Create an Org "Oracle" and make its parent Organization as Top
2.Create Three other organization "Accounting", "Infosec" and "Unclaimed" of type department and make "Oracle" created in step 1 as Parent organization of these three Organization.
3. Create an Admin Role "User Admin Role" with "User-Modify" and "User-View/Search" Capabilities and scope it to Organization "Oracle"
4.Create two users "UserX" to Organization "Accounting" and "UserY" to Organization "InfoSec" and grant them with User Administrator admin role with their respective Organization.
5. Also assign "User Admin Role" of "Unclaimed" Organization to "Userx" and "Usery".
6. Login as "Userx" and create a user "UserA" In "Accounting" Organization. Once created, modify the organization for "UserA" to "Unclaimed"
7. Login as "Usery" and select "UserA", only four Tabs for UserA is displayed which is "Attribute,Roles,Direct Reports,Admin Roles", This is because user has only "User-Modify and User-View/Search" admin role, now modify organization to "Infosec" for "UserA", since "Usery" has User Administrator Role, he should see all the other tabs like Account, Entitlement and Admin Roles, but he is unable to see it. Closed and reopened the tab and the issue still exist.
But if "Usery" logout and login, he is able to see the tabs Account, Entitlement and Admin Roles. So although the userA Org is modified to Infosec, until the user "Usery" with "user administrator" role logout and login, all tabs aren't visible
Technically, UserY securitycontext is valid to view the user details, it does not allow the changes to be reflected in the current session.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms