User - Modify capability including implicit capabilities to Revoke and Remove roles
Last updated on NOVEMBER 07, 2017
Applies to: Identity Manager - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
In OIM 18.104.22.168.x with one-off 24442680, or a BP that includes this fix (since OIM 22.214.171.124.170117), an admin user who has a custom admin role with the capability User - Modify can submit requests to revoke or request roles for users.
For example, user adminuser is a member of the admin role CustomAdminRole, which provides the capability User - Modify with scope Org1.
With this custom admin role, admin user adminuser can submit a request to revoke or request a role for user1.
This behavior is not correct, as the capability User - Modify should not implicitly allow an admin user to request or revoke a role.