My Oracle Support Banner

OIM Role Membership Rule With NOT_IN Expression In Membership Rule Not Working (Doc ID 2635543.1)

Last updated on OCTOBER 08, 2021

Applies to:

Identity Manager - Version 12.2.1.3.190624 and later
Information in this document applies to any platform.

Symptoms

OIM Role membership rule with NOT_IN expression in membership rule does not evaluate as expected

Steps to reproduce the issue

-----------------------------------

The issue can be reproduced at will with the following steps:

1. Create a role in OIM

2. Create a membership rule which includes both IN and NOT_IN operators like : ( Country IN ["US","IN"] ) AND ( Cost Center Number NOT_IN ["123","456"] ) )

3. Create a user who will satisfy the role membership rule

4. User is created but role is not assigned to the user, error related to assigning membership role is seen in logs

5. Also, the NOT_IN operator is displayed as UNKNOWN after the rule is created

ERROR

-----------------------

Caused By: oracle.iam.identity.exception.RuleEngineException: Invalid Rule expression - NOT_IN.

  at oracle.iam.identity.ruleengine.impl.SearchRuleEvaluator.evaluateUserSearchRuleAsExpression(SearchRuleEvaluator.java:199)

  at oracle.iam.identity.ruleengine.impl.SearchRuleEvaluator.evaluateUserSearchRuleAsExpression(SearchRuleEvaluator.java:79)

  at oracle.iam.identity.ruleengine.impl.SearchRuleEvaluator.evaluateUserSearchRuleAsExpression(SearchRuleEvaluator.java:73)

  at oracle.iam.identity.ruleengine.impl.SearchRuleEvaluator.evaluateSearchRule(SearchRuleEvaluator.java:53)

  at oracle.iam.identity.usermgmt.impl.util.UserPostProcessHelper.getEntitiesToAdd(UserPostProcessHelper.java:318)

  at oracle.iam.identity.usermgmt.impl.util.UserPostProcessHelper.getUserRelationshipChanges(UserPostProcessHelper.java:217)

  at oracle.iam.identity.usermgmt.impl.util.UserPostProcessHelper.process(UserPostProcessHelper.java:113)

  at oracle.iam.identity.usermgmt.impl.handlers.UserPostProcessActionHandler.callRuleEngine(UserPostProcessActionHandler.java:130)

  at oracle.iam.identity.usermgmt.impl.handlers.UserPostProcessActionHandler.execute(UserPostProcessActionHandler.java:95)

  at oracle.iam.platform.kernel.impl.OIMEvent.executeHandlers(OIMEvent.java:224)

  at oracle.iam.platform.kernel.impl.MonitoredOIMEvent.invokeExecuteHandler(MonitoredOIMEvent.java:99)

  at oracle.iam.platform.kernel.impl.MonitoredOIMEvent.executeHandlers(MonitoredOIMEvent.java:69)

  at oracle.iam.platform.kernel.impl.OIMEvent.execute(OIMEvent.java:157)

  at oracle.iam.platform.kernel.impl.ProcessImpl.executeStage(ProcessImpl.java:223)

  at oracle.iam.platform.kernel.impl.OIM

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.