My Oracle Support Banner

Group Object Creation Fails When Requestor Has Thousands Of Roles (Doc ID 2388169.1)

Last updated on APRIL 22, 2018

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


Group Object Creation Fails When Requestor Has Thousands Of Roles

Problem Description
While using Oracle Identity Manager (OIM),  if a user has thousands of roles on his/her account, group creation/provision operations will fail.

The error we see in the logs is this: (The full stack trace is in the SR_PROV_LDAP)GRP_ADM_MASS_ROLE file attached)
Target Class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager
<Class/Method: tcITResourceInstanceOperationsBean/getITResourceInstanceParametersData encounter some problems: Could not get logon user / group membership>
<Class/Method: tcITResourceInstanceOperationsBean/getITResourceInstanceParametersData encounter some problems: {1}
at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(
at com.thortech.xl.dataaccess.tcDataBase.createException(
Caused By: java.sql.SQLSyntaxErrorException: ORA-01795: maximum number of expressions in a list is 1000

Here are the steps we take to reproduce the issue:
1. Log in to Identity Self-Service Console
2. Click 'Manage' tab
3. Click 'Organizations' and select an Organization.
4. Under the organization, click 'Provision'
5. Select 'LDAP Group' and click 'Continue'
6. When asked to 'Verify Resource Selection', click 'Continue'
7. Fill out the resource form, click 'Continue'
8. When asked to 'Verify Process Data' click 'Continue'. This will kick off the provisioning operation.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.