End Users Cannot Submit Changes to My Information or Request Access for Self and See "View only mode" on the User Details Page.

(Doc ID 2316972.1)

Last updated on OCTOBER 12, 2017

Applies to:

Identity Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

End users see the following issues in the Self Service user interface.

  1. From the Self Service Home tab, after selecting My Information, end users do not have a Submit button on the My Information tab.  There are no errors, however there is no way to submit changes to the My Information page.

     

  2. From the Self Service Home tab, when selecting Request Access the Request for Self option is grayed out.  There are no errors, however there is no way for end users to request access. 

     

  3. From item 2 above, if the user instead selects Request for Others, they will get an error with "IAM-8140001 : You do not have permission to perform this operation" when they try to submit the request.

     

  4. From Self Service > Manage > Users, when the end user selects and opens their own User Details page there is no Modify button and instead, there is a banner with:
    View only mode: You do not have appropriate permissions to edit this page.

For items 1, 2 and 4 - there are no Errors in the log files related to these issues.  However, if Warning or Notification level logging is enabled, you will see several warnings and notification messages related to these issues in the log file at $DOMAIN_HOME/servers/OIMMANAGEDSERVER/logs/OIMMANAGEDSERVER-diagnostic.log such as " AuthorizationServiceUtil :: No self-capabilities (denied-attributes) found for logged-in user :X" or "Cannot initialize data provider - java.lang.NullPointerException". These are like:

[2017-10-12T11:05:14.978-06:00] [WLS_OIM1] [WARNING] [] [oracle.iam.platform.authopss.impl] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: a26c36f2d283bc2d:-718e96fe:15f117cce00:-8000-0000000000001bc0,0] [APP: oim#11.1.2.0.0] [DSID: 0000LwHYQ5_DwW05zzWByW1PrtnW00000I] AuthorizationServiceUtil :: No self-capabilities found for logged-in user :5
...
[2017-10-12T11:05:15.077-06:00] [WLS_OIM1] [WARNING] [] [oracle.iam.platform.entitymgr.impl] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: a26c36f2d283bc2d:-718e96fe:15f117cce00:-8000-0000000000001bc0,0] [APP: oim#11.1.2.0.0] [DSID: 0000LwHYQ5_DwW05zzWByW1PrtnW00000I] Cannot initialize data provider - java.lang.NullPointerException[[
at oracle.iam.platform.entitymgr.impl.EntityManagerConfigImpl.getDataProvider(EntityManagerConfigImpl.java:309)
at oracle.iam.platform.entitymgr.impl.EntityManagerConfigImpl.getDataProvider(EntityManagerConfigImpl.java:323)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.findEntity(EntityManagerImpl.java:822)
at sun.reflect.GeneratedMethodAccessor1488.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
...
]]

For item 3 the same Warnings and Notification messages will be seen in the log - as well as a few Errors with either "User FIRST LAST does not have view permission on User FIRST LAST." or "AccessDeniedException while running preventivePolicyCheck." with "oracle.iam.ida.exception.AccessDeniedException: The logged-in user LOGINID does not have createScanRun permission on entities of type IdentityAuditScanRun.". These are like:

[2017-10-12T11:09:12.372-06:00] [WLS_OIM1] [ERROR] [] [oracle.iam.request.impl] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: bptest] [ecid: a26c36f2d283bc2d:-718e96fe:15f117cce00:-8000-0000000000001c71,0] [APP: oim#11.1.2.0.0] [DSID: 0000LwHYQ5_DwW05zzWByW1PrtnW00000I] User BPTest User does not have view permission on User BPTest User.
[2017-10-12T11:09:12.412-06:00] [WLS_OIM1] [ERROR] [] [oracle.iam.request.impl] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: bptest] [ecid: a26c36f2d283bc2d:-718e96fe:15f117cce00:-8000-0000000000001c71,0] [APP: oim#11.1.2.0.0] [DSID: 0000LwHYQ5_DwW05zzWByW1PrtnW00000I] User BPTest User does not have view permission on User BPTest User.[[
oracle.iam.exception.OIMServiceException: User BPTest User does not have view permission on User BPTest User.
at oracle.iam.request.util.RequestAuthorizationUtil.checkAuthorizationResultDenialReason(RequestAuthorizationUtil.java:586)
at oracle.iam.request.impl.RequestEngine.performAuthzChecksForRequester(RequestEngine.java:5389)
at oracle.iam.request.impl.RequestInternalServiceImpl.isLoginUserAuthorizedToSubmitRequest(RequestInternalServiceImpl.java:481)
at oracle.iam.ida.impl.authorization.IDAAuthorizationEngine.loginUserCanSubmitRequest(IDAAuthorizationEngine.java:148)
at oracle.iam.ida.impl.authorization.ScanRunAdvice.before(ScanRunAdvice.java:71)
at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:49)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy329.createAccessRequestPreventivePreviewScan(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
...
]]
[2017-10-12T11:09:12.421-06:00] [WLS_OIM1] [WARNING] [] [oracle.iam.ida.impl.authorization] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: bptest] [ecid: a26c36f2d283bc2d:-718e96fe:15f117cce00:-8000-0000000000001c71,0] [APP: oim#11.1.2.0.0] [DSID: 0000LwHYQ5_DwW05zzWByW1PrtnW00000I] Caught exception during authorization check: checking permission to submit request for beneficiary(ies) [oracle.iam.request.vo.Beneficiary@7e6fb733] and targets null.
[2017-10-12T11:09:12.435-06:00] [WLS_OIM1] [WARNING] [] [oracle.iam.ida.impl.authorization] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: bptest] [ecid: a26c36f2d283bc2d:-718e96fe:15f117cce00:-8000-0000000000001c71,0] [APP: oim#11.1.2.0.0] [DSID: 0000LwHYQ5_DwW05zzWByW1PrtnW00000I] Caught exception during authorization check.[[
oracle.iam.request.exception.RequestServiceException: oracle.iam.exception.OIMServiceException: User BPTest User does not have view permission on User BPTest User.
at oracle.iam.request.impl.RequestInternalServiceImpl.isLoginUserAuthorizedToSubmitRequest(RequestInternalServiceImpl.java:485)
at oracle.iam.ida.impl.authorization.IDAAuthorizationEngine.loginUserCanSubmitRequest(IDAAuthorizationEngine.java:148)
at oracle.iam.ida.impl.authorization.ScanRunAdvice.before(ScanRunAdvice.java:71)
at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:49)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy329.createAccessRequestPreventivePreviewScan(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
...
Caused by: oracle.iam.exception.OIMServiceException: User BPTest User does not have view permission on User BPTest User.
at oracle.iam.request.util.RequestAuthorizationUtil.checkAuthorizationResultDenialReason(RequestAuthorizationUtil.java:586)
at oracle.iam.request.impl.RequestEngine.performAuthzChecksForRequester(RequestEngine.java:5389)
at oracle.iam.request.impl.RequestInternalServiceImpl.isLoginUserAuthorizedToSubmitRequest(RequestInternalServiceImpl.java:481)
... 144 more

]]
[2017-10-12T11:09:12.497-06:00] [WLS_OIM1] [WARNING] [] [oracle.iam.ida.impl.authorization] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: bptest] [ecid: a26c36f2d283bc2d:-718e96fe:15f117cce00:-8000-0000000000001c71,0] [APP: oim#11.1.2.0.0] [DSID: 0000LwHYQ5_DwW05zzWByW1PrtnW00000I] The logged-in user BPTEST does not have createScanRun permission on entities of type IdentityAuditScanRun.
[2017-10-12T11:09:12.590-06:00] [WLS_OIM1] [ERROR] [] [oracle.iam] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: bptest] [ecid: a26c36f2d283bc2d:-718e96fe:15f117cce00:-8000-0000000000001c71,0] [APP: oracle.iam.console.identity.self-service.ear#V2.0] [DSID: 0000LwHYQ5_DwW05zzWByW1PrtnW00000I] AccessDeniedException while running preventivePolicyCheck.[[
oracle.iam.ida.exception.AccessDeniedException: The logged-in user BPTEST does not have createScanRun permission on entities of type IdentityAuditScanRun.
at oracle.iam.ida.impl.authorization.IDAAuthorizationUtil.logAndConstructAccessDeniedException(IDAAuthorizationUtil.java:127)
at oracle.iam.ida.impl.authorization.IDAAuthorizationEngine.loginUserCanSubmitRequest(IDAAuthorizationEngine.java:157)
at oracle.iam.ida.impl.authorization.ScanRunAdvice.before(ScanRunAdvice.java:71)
at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:49)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy329.createAccessRequestPreventivePreviewScan(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
...
]]
[2017-10-12T11:09:12.623-06:00] [WLS_OIM1] [WARNING] [] [oracle.adf.controller.faces.lifecycle.Utils] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: bptest] [ecid: a26c36f2d283bc2d:-718e96fe:15f117cce00:-8000-0000000000001c71,0] [APP: oracle.iam.console.identity.self-service.ear#V2.0] [DSID: 0000LwHYQ5_DwW05zzWByW1PrtnW00000I] ADF: Adding the following JSF error message: IAM-8140001: You do not have permission to perform this operation.[[
oracle.iam.ui.platform.exception.OIMRuntimeException: IAM-8140001: You do not have permission to perform this operation.
at oracle.iam.ui.catalog.view.backing.CartReqBean.runPreventivePolicyCheck(CartReqBean.java:1301)
at oracle.iam.ui.catalog.view.backing.CartReqBean.submit(CartReqBean.java:1162)
at oracle.iam.ui.catalog.view.backing.CartReqBean.submitActionListener(CartReqBean.java:1110)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
...
]]
...
[2017-10-12T11:09:13.030-06:00] [WLS_OIM1] [WARNING] [] [oracle.adf.controller.faces.lifecycle.Utils] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: bptest] [ecid: a26c36f2d283bc2d:-718e96fe:15f117cce00:-8000-0000000000001c71,0] [APP: oracle.iam.console.identity.self-service.ear#V2.0] [DSID: 0000LwHYQ5_DwW05zzWByW1PrtnW00000I] ADF: Adding the following JSF error message: IAM-8140001: You do not have permission to perform this operation.[[
oracle.iam.ui.platform.exception.OIMRuntimeException: IAM-8140001: You do not have permission to perform this operation.
at oracle.iam.ui.catalog.view.backing.CartReqBean.runPreventivePolicyCheck(CartReqBean.java:1301)
at oracle.iam.ui.catalog.view.backing.CartReqBean.submit(CartReqBean.java:1162)
at oracle.iam.ui.catalog.view.backing.CartReqBean.submitActionListener(CartReqBean.java:1110)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
...
]]

Changes

 At some point the environment has been upgraded to 11.1.2.3.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms