My Oracle Support Banner

What Admin Roles Provide Just the Right Amount of Permissions to invoke API to read IT Resource Parameters? (Doc ID 2716754.1)

Last updated on NOVEMBER 05, 2020

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


The customization during account provisioning( requested by end user with admin roles) which will invoke getITResourceInstanceParametersData API is failing with this permission issue:

Replication Steps:

1. Login identity console as an end user with not providing Application Instance Administrator role.
2. Search for an user, open the user, then click on the Account tab.
3. Click request, then select the connector application instance.
4. Submit request.
     The above error is thrown.

The above code works, if Application Instance Administrator role is given to this end user. However, it also exposes following UI for this user:
- the Application icon is displayed in the Identity console
- allows access to /sysadmin console showing Application instances and scheduler links

Is there an admin role which does not expose these UI features, but can only provide permission to run the API to read IT Resource details?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.