User - Modify Capability Allowing One to Submit Grant Or Remove Roles Request From Another User
(Doc ID 2318995.1)
Last updated on APRIL 27, 2023
Applies to:
Identity Manager - Version 11.1.2.3.0 to 11.1.2.3.171017 [Release 11g]
Information in this document applies to any platform.
Symptoms
In OIM 11.1.2.3.x with the one-off patch for <Bug 24442680>, or on a bundle patch that includes the <Bug 24442680> fix, such as OIM 11.1.2.3.170117, an admin user who has a custom admin role with the capability User - Modify can submit requests to revoke or request roles for users.
For example, a user <USERID> is a member of the admin role CustomAdminRole, which provides the capability User - Modify scoped to an OIM organization: <ORG>
With the above custom admin role, the user can submit a request to revoke or request a role for another user, <END_USER>, while having only the capability User - Modify.
Why is capability User - Modify allowing the user to create a request to grant or revoke a role for another user?
Cause