AccessDeniedException: IAM-3054101: Revoke Role Membership Not Working
Last updated on APRIL 16, 2017
Applies to: Identity Manager - Version 220.127.116.11.5 and later
Information in this document applies to any platform.
When moving a user to a different organization, the revoke role membership operation fires and throws an error that prevents the membership from being revoked.
The exception is as follows:
Steps to reproduce:
1. Create an admin role "adminrole1" with the capabilities "revokeRoleMembership", "user-modify" and "user-view/search".
2. Create a user "adminuser1" and assign the above admin role to that user.
3. Create an application role "testrole".
4. Assign "testrole" to "adminuser1" and to an end user, say "user001".
5. Invoke the revokeRoleGrant API; the error occurs.