I was doing R n D and found the biggest bug in OIM 11g. I am able to reproduce the same in OIM 10g as well.
A user who is part of All User group, can export all the configuration from OIM and can perform other operations as well.
NOTE: I am not posting other internal things.
Steps to Reproduce:
Create a user:
Check the Roles:
Login with EUSER and verify User doesn't have access to Advance Console
Content are hidden for Security Purpose