Editing Admin Role With User - Modify capability And denied attributes breaks functionality

(Doc ID 2269040.1)

Last updated on JUNE 06, 2017

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


1) Set up an Admin Role with the User - Modify capability and select some of the attributes to be denied. Test the User screen and confirm that the logic configured is working as expected.

2) Now amend the Admin Role set up in (1). e.g. change the description. Save the modification.

3) Navigate to the User screen and test the denied attributes logic set up in step (1), it fails.
Happens for OOTB (like Email) and UDF attributes where display label and the name are different like




Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms