
AccessDeniedException: IAM-3054101: Revoke Role Membership Not Working (Doc ID 2251207.1)

Last updated on JULY 02, 2018

Applies to:

Identity Manager - Version 11.1.2.3.5 and later
Information in this document applies to any platform.

Symptoms

When trying to move a user to a different organization, the revoke role membership operation fires and throws an error that prevents the role membership from being revoked.

The exception is as follows:

 

Steps to reproduce:
1. Create an admin role "adminrole1" with the capabilities "revokeRoleMembership", "user-modify" and "user-view/search".
2. Create a user "adminuser1" and assign the above admin role to that user.
3. Create an application role "testrole".
4. Assign "testrole" to "adminuser1" and to an end user, say "user001".
5. Invoke the revokeRoleGrant API, and the error will occur.

Cause
