What Admin Roles Provide Just the Right Amount of Permissions to invoke API to read IT Resource Parameters?
(Doc ID 2716754.1)
Last updated on NOVEMBER 05, 2020
Applies to:Identity Manager - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
The customization during account provisioning( requested by end user with admin roles) which will invoke getITResourceInstanceParametersData API is failing with this permission issue:
1. Login identity console as an end user with not providing Application Instance Administrator role.
2. Search for an user, open the user, then click on the Account tab.
3. Click request, then select the connector application instance.
4. Submit request.
The above error is thrown.
The above code works, if Application Instance Administrator role is given to this end user. However, it also exposes following UI for this user:
- the Application icon is displayed in the Identity console
- allows access to /sysadmin console showing Application instances and scheduler links
Is there an admin role which does not expose these UI features, but can only provide permission to run the API to read IT Resource details?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document