User - Modify capability including implicit capabilities to Revoke and Remove roles
Last updated on MARCH 06, 2018
Applies to: Identity Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
In OIM 22.214.171.124.x + one-off 24442680, or a BP including this fix (since OIM 126.96.36.199.170117), an admin user who has a custom admin role with the capability User - Modify can submit requests to revoke or request roles for users.
For example, user adminuser is a member of the admin role CustomAdminRole, which provides the capability User - Modify with scope Org1.
With the above custom admin role, admin user adminuser can submit a request to revoke or request a role for user1 while having only the capability User - Modify.
This behavior is not correct, as the capability User - Modify should not implicitly allow requesting or revoking a role.