New Admin Roles Are Published To All Organizations Regardless Of Orgs Selected
(Doc ID 2238245.1)
Last updated on MAY 09, 2019
Applies to:Identity Manager - Version 188.8.131.52.0 to 184.108.40.206.0 [Release 11g to 12c]
Information in this document applies to any platform.
When creating a new Admin Role in OIM 11g R2 PS3 and higher versions, one has the option to select which specific organizations one want to publish the new role to. According to the documentation, "Oracle Identity Manager allows you to make the Admin Role available to organizations. Once the admin role has been published to these organizations, the organization administrators can grant them to other users. This helps in standardizing delegated administration and encourages reuse of admin roles." (Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager).
However, this doesn't seem to do anything for example create a new Admin Role and choose to only publish it to one of the Organization, but this Admin Role still shows up as an available Admin Role on all the organizations. And one can go to any organization and assign users to such Admin Roles, regardless of the organizations the Admin Role was publish to. Please explain the reasoning behind this.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!