New Admin Roles Are Published To All Organizations Regardless Of Orgs Selected (Doc ID 2238245.1)

Last updated on FEBRUARY 27, 2017

Applies to:

Identity Manager - Version 11.1.2.3.4 and later
Information in this document applies to any platform.

Goal

When creating a new Admin Role in OIM 11g R2 PS3, one has the option to select which specific organizations one wants to publish the new role to. According to the documentation, "Oracle Identity Manager allows you to make the Admin Role available to organizations. Once the admin role has been published to these organizations, the organization administrators can grant them to other users. This helps in standardizing delegated administration and encourages reuse of admin roles." (Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager).

However, this doesn't seem to do anything. For example, create a new Admin Role and choose to publish it to only one of the organizations: the Admin Role still shows up as an available Admin Role on all the organizations. One can go to any organization and assign users to such Admin Roles, regardless of the organizations the Admin Role was published to. Please explain the reasoning behind this.
 

Solution
