It's all about IAM

Identity And Access Management - Rajiv Dewan

Weird Behavior: Role Membership in OIM 11g R2 PS1


  • Assigned a role to a user (through request/direct).
  • Verified the role membership through the user entity as well as through the role entity.
  • The membership existed in both places.
  • Disabled the user.
  • Verified the role membership through the role entity: the user had been removed from the role.
  • Verified the role membership through the user entity: the role was still there.
  • Verified on the database side: the user still had the role membership there.

Expected Result:

  • Role membership must remain with the user, because there is no membership rule associated with the role on the user status attribute.
  • The Role Entity UI and the User Entity UI must be in sync.

Expected Issue:

It's an issue with the API: it only returns Active users.

Hint for Product Team: appendActiveUsersCriteria
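The mismatch described above can be caught by reconciling the stored memberships against an active-only member listing. The following is an added example, not code from the original post or from OIM: the tables, columns, role names and rows are hypothetical stand-ins built in an in-memory SQLite database, not the OIM schema.

```python
import sqlite3

# Hypothetical stand-in tables and constructed rows; not the OIM schema.
SETUP = """
CREATE TABLE users (user_key INTEGER PRIMARY KEY, login TEXT, status TEXT);
CREATE TABLE roles (role_key INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE role_membership (user_key INTEGER, role_key INTEGER);
INSERT INTO users VALUES (1,'alice','Active'),(2,'bob','Disabled'),(3,'carol','Active');
INSERT INTO roles VALUES (10,'FinanceApprover'),(20,'Helpdesk');
INSERT INTO role_membership VALUES (1,10),(2,10),(2,20),(3,20);
"""

# Every membership row joined to its user and role.
STORED = """
SELECT r.name, u.login, u.status
FROM role_membership m
JOIN users u ON u.user_key = m.user_key
JOIN roles r ON r.role_key = m.role_key
"""


def build_sample():
    """Create the constructed sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    return conn


def stored_members(conn):
    """All memberships regardless of user status (database / user entity view)."""
    return {(role, login): status for role, login, status in conn.execute(STORED)}


def role_view_members(conn):
    """Memberships as an active-users-only listing reports them (role entity view)."""
    rows = conn.execute(STORED + " WHERE u.status = 'Active'")
    return {(role, login) for role, login, _ in rows}


def hidden_memberships(conn):
    """Memberships present in storage but absent from the active-only listing."""
    stored = stored_members(conn)
    visible = role_view_members(conn)
    return sorted((role, login, stored[(role, login)])
                  for (role, login) in stored.keys() - visible)


if __name__ == "__main__":
    for role, login, status in hidden_memberships(build_sample()):
        print(f"{role}: {login} ({status}) holds the role but is not listed on it")
```

Any row this reports is a membership that a review done from the role side would miss, and that would still be in place if the user were enabled again.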

Role Membership Through Role Entity

Role Membership Through User Entity