My Oracle Support Banner

OIM Role Membership Rule With NOT_IN Expression In Membership Rule Not Working (Doc ID 2635543.1)

Last updated on OCTOBER 08, 2021

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


OIM Role membership rule with NOT_IN expression in membership rule does not evaluate as expected

Steps to reproduce the issue


The issue can be reproduced at will with the following steps:

1. Create a role in OIM

2. Create a membership rule which includes both IN and NOT_IN operators like : ( Country IN ["US","IN"] ) AND ( Cost Center Number NOT_IN ["123","456"] ) )

3. Create a user who will satisfy the role membership rule

4. User is created but role is not assigned to the user, error related to assigning membership role is seen in logs

5. Also, the NOT_IN operator is displayed as UNKNOWN after the rule is created



Caused By: oracle.iam.identity.exception.RuleEngineException: Invalid Rule expression - NOT_IN.

  at oracle.iam.identity.ruleengine.impl.SearchRuleEvaluator.evaluateUserSearchRuleAsExpression(

  at oracle.iam.identity.ruleengine.impl.SearchRuleEvaluator.evaluateUserSearchRuleAsExpression(

  at oracle.iam.identity.ruleengine.impl.SearchRuleEvaluator.evaluateUserSearchRuleAsExpression(

  at oracle.iam.identity.ruleengine.impl.SearchRuleEvaluator.evaluateSearchRule(

  at oracle.iam.identity.usermgmt.impl.util.UserPostProcessHelper.getEntitiesToAdd(

  at oracle.iam.identity.usermgmt.impl.util.UserPostProcessHelper.getUserRelationshipChanges(

  at oracle.iam.identity.usermgmt.impl.util.UserPostProcessHelper.process(

  at oracle.iam.identity.usermgmt.impl.handlers.UserPostProcessActionHandler.callRuleEngine(

  at oracle.iam.identity.usermgmt.impl.handlers.UserPostProcessActionHandler.execute(

  at oracle.iam.platform.kernel.impl.OIMEvent.executeHandlers(

  at oracle.iam.platform.kernel.impl.MonitoredOIMEvent.invokeExecuteHandler(

  at oracle.iam.platform.kernel.impl.MonitoredOIMEvent.executeHandlers(

  at oracle.iam.platform.kernel.impl.OIMEvent.execute(

  at oracle.iam.platform.kernel.impl.ProcessImpl.executeStage(

  at oracle.iam.platform.kernel.impl.OIM





To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.