User - Modify Capability Allowing One to Submit Grant Or Remove Roles Request From Another User
(Doc ID 2318995.1)
Last updated on MAY 14, 2019
Applies to:Identity Manager - Version 184.108.40.206.0 to 220.127.116.11.171017 [Release 11g]
Information in this document applies to any platform.
In OIM 18.104.22.168.x + one off patch for <Bug 24442680> or on a Bundle patch which includes this <Bug 24442680> fix such as OIM 22.214.171.124.170117, if an admin user has a custom admin role with capability User - Modify, the admin user can submit requests to revoke or request roles for the users.
For example a user: <USERID> is a member of the admin role CustomAdminRole that provides capability User - Modify with scope a OIM organization: <ORG>
With the above custom admin role, user can submit a request to revoke or request a role for another user: <END_USER> with only having capability User - Modify.
Why is capability User - Modify allowing the user to create a request to grant or revoke a role for another user?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!