CR# 2151598: Delegation privileges cannot be defined for a filtered role (Sun Java System Access Manager 7 2005Q4 Release Notes)

Sun Java System Access Manager 7 2005Q4 Release Notes

CR# 2151598: Delegation privileges cannot be defined for a filtered role

If you create a new filtered role, it does not appear under the Privileges tab in the Admin Console.

Workaround. After you apply patch 8, follow these steps to update the Delegation Service (sunAMDelegationService) in the Directory Server schema:

Create an XML file with the FILTEREDROLE subject type. For example:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
    "jar://com/iplanet/am/admin/cli/amAdmin.dtd">
<Requests>
   <SchemaRequests serviceName="sunAMDelegationService"
       SchemaType="Global" i18nKey="">
       <AddDefaultValues>
           <AttributeValuePair>
               <Attribute name="SubjectIdTypes"/>
               <Value>FILTEREDROLE</Value>
           </AttributeValuePair>
       </AddDefaultValues>
   </SchemaRequests>
</Requests>

Note: The XML encoding used in this example is ISO-8859-1. You might need to use a different encoding depending on your environment.

Use the amadmin command to load the XML file you created in Step 1 into Directory Server. For example:
```
# cd /opt/SUNWam/bin
# ./amadmin -u amadmin -w pwfile -t new-filteredrole.xml
```
where:
- pwfile contains the amadmin password.
- new-filteredrole.xml is the new XML file you created in Step 1.
Restart the Access Manager server web container.

Now, when you log in to the Admin Console, the filtered role will appear under the Privileges tab.