My Oracle Support Banner

User - Modify Capability Allowing One to Submit Grant Or Remove Roles Request From Another User (Doc ID 2318995.1)

Last updated on APRIL 27, 2023

Applies to:

Identity Manager - Version to [Release 11g]
Information in this document applies to any platform.


In OIM + one off patch for <Bug 24442680> or on a Bundle patch which includes this <Bug 24442680> fix such as OIM, if an admin user has a custom admin role with capability User - Modify, the admin user can submit requests to revoke or request roles for the users.

For example a user: <USERID> is a member of the admin role CustomAdminRole that provides capability User - Modify with scope a OIM organization: <ORG>



With the above custom admin role, user can submit a request to revoke or request a role for another user: <END_USER> with only having capability User - Modify.



Why is capability User - Modify allowing the user to create a request to grant or revoke a role for another user?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.