Skip Headers
Oracle® Role Manager Release Notes
Release 10g (

Part Number E12025-06
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Feedback page
Contact Us

  View PDF

Oracle® Role Manager

Release Notes

Release 10g (


February 2009

This document contains release notes of Oracle Role Manager and includes the following topics:

1 Oracle Role Manager Documentation

The following guides are located at the Oracle Technology Network. You can refer to them for detailed information about Oracle Role Manager.


For information about updates to the Oracle Role Manager release 10.1.4 documentation set, visit Oracle Technology Network at

2 What's New in Oracle Role Manager

The following sections discuss what's new in Oracle Role Manager release

2.1 New Component Support

This section discusses the following new certifications:


For a complete list of certified components, visit the official platform certification Web site at:

2.1.1 Oracle Role Manager Integration Library Certification

Oracle Role Manager Integration Library now supports integration with Oracle Identity Manager on Oracle WebLogic Server 10.3 and JBoss 4.2.3. For more information, see Oracle Role Manager Integration Guide.

2.1.2 IBM WebSphere Application Server Certification

Oracle Role Manager now supports deployment on IBM WebSphere For updated instructions, see Oracle Role Manager Installation Guide..

2.1.3 JBoss Application Server Certification

Oracle Role Manager now supports deployment on JBoss 4.2.3. For updated instructions, see Oracle Role Manager Installation Guide.

3 Certified Components

This section identifies components certified with Oracle Role Manager release and contains the following topics:

3.1 Operating Systems

Oracle Role Manager release is certified for the following operating systems:

  • Microsoft Windows Server 2003 Standard Edition with SP1

  • Oracle Enterprise Linux 4

  • Oracle Enterprise Linux 5

  • Red Hat Enterprise Linux AS Release 4

  • Red Hat Enterprise Linux AS Release 5

3.2 Application Servers

Oracle Role Manager release is certified for the following application servers:

  • WebLogic Server 10.3 (on clustered and nonclustered environments)

  • IBM WebSphere Application Server (on nonclustered environments)

  • JBoss Application Server 4.2.3 (on nonclustered environments)

3.3 Databases

Oracle Role Manager release is certified for the following databases:

  • Oracle Database Deployment

    • Oracle Database 10g Enterprise Edition release to 10.2.x

    • Oracle Database 10g Standard Edition release to 10.2.x

    • Oracle Database 11g Standard Edition release to 11.1.0.x

    • Oracle Database 11g Enterprise Edition release to 11.1.0.x

  • Oracle RAC Deployment (general purpose operation)

    • Oracle Database 10g Enterprise Edition release to 10.2.x

    • Oracle Database 11g Enterprise Edition release to 11.1.0.x

3.4 Certified JDKs

For each certified application server, Oracle Role Manager release is certified for the JDKs listed in Table 1.

Table 1 Certified JDKs

Application Server Certified JDK

Oracle WebLogic Server

Oracle JRockit 6.0 (R27.6.0-50)

IBM WebSphere Application Server


JBoss Application Server

Sun Java 2 JDK 1.6

3.5 Supported Configurations

Oracle Role Manager release supports the configurations listed in Table 2.

Table 2 Supported Configurations

Operating System Hardware Application Server Database

Oracle Enterprise Linux 4 and 5

Intel Xeon or Pentium

WebLogic 10.3

Oracle Database (see Section 3.3)


JBoss 4.2.3

Oracle Database (see Section 3.3)



Oracle Database (see Section 3.3)

RedHat AS ES4 and ES5

Intel Xeon or Pentium

WebLogic 10.3

Oracle Database (see Section 3.3)


JBoss 4.2.3

Oracle Database (see Section 3.3)



Oracle Database (see Section 3.3)

Windows Server 2003 SP1

Intel Xeon or Pentium

WebLogic 10.3

Oracle Database (see Section 3.3)


JBoss 4.2.3

Oracle Database (see Section 3.3)



Oracle Database (see Section 3.3)

Windows XP Professional SP2 (development only)

Intel Pentium

WebLogic 10.3

Oracle Database (see Section 3.3)


JBoss 4.2.3

Oracle Database (see Section 3.3)



Oracle Database (see Section 3.3)


All certified application server operating systems are 32-bit. Although 64-bit hardware can run 32-bit application server operating systems, only 32-bit hardware is certified for this release.

3.6 Certified Single Sign-On Components

Oracle Role Manager release is certified for Single Sign-On with the following component:

  • Oracle Access Manager (formerly known as Oracle COREid) using both ASCII and non-ASCII character logins.


    Single Sign-On with Oracle Access Manager for non-ASCII character logins requires an Oracle Access Manager patch. Contact your Oracle Support representative and see Bug 5552617 for information about the appropriate Oracle Access Manager patch.

3.7 Languages

Oracle Role Manager release is certified for the following language:

  • English

3.8 Web Browsers

Oracle Role Manager release is certified for the following Web browsers:

  • Microsoft Internet Explorer 6.0 (SP2)

  • Microsoft Internet Explorer 7.0

4 Fixes in This Release

Oracle Role Manager release resolves the known bugs from previous releases listed in the following table.

Table 3 Bugs Resolved by

Bug # Description


Installation: Incorrect installation directory name on WebLogic. The ORMHOME\webui\weblogic\9.2 directory is created when you install Oracle Role Manager. The 9.2 directory should be named 10.3. This does not affect the working of Oracle Role Manager.

5 Known Problems

This section describes known problems for Oracle Role Manager release 10.1.4.x. If a suitable workaround exists for a known problem, it is listed with the description of the bug to provide a temporary solution.

This section contains the following topics:

5.1 Auditing

This section describes known bugs related to the auditing component and contains the following topics:

5.1.1 Some audit messages unclear or inaccurate (Bugs 6949666, 6950267, 6949761, 6949849)

Some audit and validation messages displayed to the end user are unclear or contain incorrect references.

5.1.2 Dynamic membership updates are not audited (Bug 6949154)

Changes to a user's memberships based on dynamic roles (resolved by membership rules or grant policies) are not stored with audit data.

5.1.3 System displays misleading information for create transactions (Bug 6949820)

System displays the transaction as an update action in the Outbox even when the user has performed a create transaction.

5.1.4 Duplicate audit messages are displayed in the transaction details (Bug 6949683)

If a user updates any attribute and navigates to any other tab before clicking the Submit button, duplicate entries are displayed in the transaction details in the Outbox.

5.2 General Usability

This section describes general user interface bugs and contains the following topics.

5.2.1 User has no indication why the Delete option is disabled for organizations with child entities (Bug 7153260)

The relationship between organization type objects and their child entities (other organization types, roles, and people) is restrictive, which means if the organization has active relationships with child entities, the organization cannot be deleted. Therefore, the Delete option on the context menu is disabled but the user is given no indication about why it is disabled.

5.2.2 Wrapping of data fails (Bug 6949992)

System fails to wrap data with a large number of characters in multiple places in the application.

5.2.3 Context menu continues to display when a user selects another transaction (Bug 6949144)

System displays the context menu in left hand pane even when the user has selected to perform another transaction, until the user either clicks another primary or secondary menu item or refreshes the context menu.

5.2.4 Unnecessary scroll bar on tabbed pages (Bug 6949537)

In resolution 1600 x 1200 or smaller, the horizontal scroll bar always appears for all the tabs at the bottom content frame (Attributes, Members, Privileges, Mappings and History).

5.2.5 Hierarchy bread crumbs update only on submit and reload of the page (Bug 6949649)

When a person's location in any of the hierarchies changes, the hierarchy path bread crumb does not change unless submit and reload actions are performed.

5.2.6 Tree view requires refresh to reflect recent updates (Bug 6949808)

The user must refresh the tree after performing a transaction that creates or updates tree members to reflect those changes in the tree view. This is only an issue if a node is created directly under the root node or for operations performed in other user sessions.

5.2.7 Timestamp value does not always match user's locale in role mapping details (Bug 6949755)

When viewing role mapping details, the user may see local time in some and GMT in others. The timestamp format should always match the user's locale.

5.3 Installation

This section describes known bugs related to installation and contains the following topics.

5.3.1 Configuration Assistant fails on retry after database connection (Bug 6949157)

System fails to roll back the previous configuration and displays an exception on retrying the configuration. The workaround is to exit and restart the installer and uninstall the recent installation home, drop and re-create the users/schemas for Oracle Role Manager, then run the installer to install and configure Oracle Role Manager.

5.3.2 Installer intermittently skips screens when the user goes back to previous screen (Bug 7145992)

If this occurs, the workaround is to navigate all the way back to the File Location Page, which forces the installer to restart the interview phase and display all screens.

5.3.3 System displays the file copy progress as 92% on completion instead of 100% while running the silent installer (Bug 6949464)

While running the installer in silent mode, the file copy progress is displayed as 92% instead of 100%.

5.4 Integration Library

This section describes known bugs of the Oracle Role Manager Integration Library with Oracle Identity Manager and contains the following topic:

5.4.1 Deploying on UNIX-based systems requires renaming of directory to ensure successful role reconciliation (Bug 8235658)

Role reconciliation fails on case-sensitive UNIX-based systems because the message from Integration Library is looking for the pluginConfigDir directory instead of the pluginConfigdir directory (note the lowercase d). The workaround is to rename the pluginConfigdir directory in ORMINT_HOME to pluginConfigDir (note the uppercase D).

5.4.2 Exception in Oracle Identity Manager server console when creating user (Bug 7043245)

Creating a user through the Oracle Identity Manager Administrative and User Console displays the following error message in the server console:

ERROR [XELLERATE.SERVER] Class/Method: tcProperties/tcProperties encounter some problems: Must set a query before executing
com.thortech.xl.dataaccess.tcDataSetException: Must set a query before executing 

This message can be ignored. User creation is successful, both in Oracle Identity Manager and in Oracle Role Manager.

5.4.3 Sequence in which records are reconciled from Oracle Identity Manager affects creation of relationships between person records (Bug 7539324)

Suppose the person records of a user and the user's manager are created in Oracle Role Manager during reconciliation with Oracle Identity Manager. You then delete the manager's person record through the Oracle Role Manager user interface. During the scheduled user reconciliation (Quick or Full) after the manager's person record is deleted, although the manager's person record is re-created in Oracle Role Manager, the manager's person record might not be associated with the user's person record. By the end of the next scheduled user reconciliation (Quick or Full), the manager's person record is associated with the user's reconciliation run.

5.4.4 Exception intermittently displays in Oracle Identity Manager application server console on JBoss (Bug 8226900)

The exception message ERROR [ACCOUNTMANAGEMENT] Class/Method: Authenticate/connect@ encounter some problems: at Source) displays in the application server console when running the Integration Library on JBoss. This message is harmless and can be ignored.

5.5 Search

This section describes known bugs around the search functionality and behavior and contains the following topics:

5.5.1 Sorting of items in search results are case sensitive (Bug 6950123)

Sorting of search results should not be case sensitive throughout the application.

5.5.2 Search results fail to refresh in pop-up windows (Bug 6950158)

System fails to refresh the search results and displays the previous search results in the pop-up window.

5.5.3 Searchable attributes/operators should be sorted alphabetically (Bug 6949943)

Search attributes and operators appear to be sorted in random order in the search menu on search pages. Sort order should be alphabetical and non-case-insensitive.

5.5.4 Search operator should be retained when selecting a different search attribute. (Bugs 6949945 and 7352063)

When the user searches by first name using the begins with operator and later searches by a different attribute, the operator refreshes to contains, the default operator.

5.5.5 Misleading message when user attempts empty wildcard search (Bug 7503660)

When the user searches on a blank value, the message "Full wildcard search is not supported" displays, which is a misleading statement. Full wildcard searches can be performed by entering the percent symbol (%) in the field to search.

5.5.6 SELECT query returns deleted objects (Bug 7529678)

A SELECT query run on the database using the Oracle Role Manager tjdbc driver returns deleted objects. This can affect reports but has no affect on the Oracle Role Manager user interface.

The recommended workaround is to add a WHERE clause in the query. If you do not want to use a valid WHERE clause, then include a WHERE clause like WHERE 1=1.

5.6 Server

This section describes known server bugs and contains the following topics:

5.6.1 CSV file parsing errors during data load (Bugs 7351568 and 7718897)

The strings defined as field delimiters in the load script for different object types are inconsistent. All objects types use the carat (^) as a delimiter except organization object types, which are set to use the single quote ('). This can result in CSV file parsing errors.

The recommendation is to use a character that is not contained in your data set as the delimiter for all object types. The delimiter is set in the file parsing scripts. For information about the file parsing scripts see Oracle Role Manager Administrator's Guide.

5.6.2 System allows the System Administrator system role to be deleted or made inactive (Bug 6949617)

Important grants are allowed to be removed. The recommended workaround is to use the procedures described in the Oracle Role Manager Administrator's Guide to restore the System Administrator system user.

5.6.3 J2EE EJB method invocation may time out and roll back if batch role resolution takes longer than specified time (Bug 6949667)

EJB method invocation has a timeout associated with it so that no matter how many retries might take place, the batch role membership does not complete.

For JBoss, in the jboss.xml file, add configuration of the following to the TimerCommandEJB configuration:

      <transaction-timeout>3600</transaction-timeout><!-- Maximum 1 hour per batch resolution process -->

For WebSphere, in the server.jar file, add a META-INF/ibm-ejb-jar-ext.xmi file with the following contents:

<?xml version="1.0" encoding="UTF-8"?>
<ejbext:EJBJarExtension xmi:version="2.0" xmlns:xmi="" xmlns:ejbext="ejbext.xmi" xmlns:ejb="ejb.xmi" xmi:id="ejb-jar_ID_Ext">
<ejbExtensions xmi:type="ejbext:SessionExtension" xmi:id="SessionExtension_1" timeout="3600">
   <enterpriseBean xmi:type="ejb:Session" href="META-INF/ejb-jar.xml#Session_1183672362012"/>
<ejbJar href="META-INF/ejb-jar.xml#EJBJar_1183672362010"/>

5.6.4 RAC support lacks certification for high availability scenarios (Bug 7503879)

The Oracle Role Manager supports RAC database environments for general purpose operation only. High-availability scenarios, such as load balancing and failover, are not officially supported.

5.7 System Messages

This section describes bugs relating to messages generated by the system that display to the end user. This section contains the following topics:

5.7.1 System fails to display a warning dialog when canceling or navigating away from a create process (Bugs 6949247 and 6950222)

The system does not display a dialog with a meaningful message and successfully allows the user to navigate away from the create page. The user is not warned that he may lose data already entered.

5.7.2 System should provide useful warning for syntactically incorrect XML rule (Bug 6949255)

The system does not issue a user-friendly message if a syntactically incorrect membership rule is given in the role grant policy or membership rule. Instead, a generic "setMembershipRule failed" error displays.

5.7.3 No warning message when delegating a Business Role twice to the same person (Bug 6949540)

When delegating a Business Role twice to the same person, the system successfully prevents repeat delegation, but no message displays to inform the user that the person already has been delegated that role.

6 Documentation Accessibility

Our goal is to make Oracle products, services, and supporting documentation accessible to all users, including users that are disabled. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at

Accessibility of Code Examples in Documentation

Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.

Accessibility of Links to External Web Sites in Documentation

This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.

TTY Access to Oracle Support Services

To reach AT&T Customer Assistants, dial 711 or 1.800.855.2880. An AT&T Customer Assistant will relay information between the customer and Oracle Support Services at 1.800.223.1711. Complete instructions for using the AT&T relay services are available at After the AT&T Customer Assistant contacts Oracle Support Services, an Oracle Support Services engineer will handle technical issues and provide customer support according to the Oracle service request process.

Oracle Role Manager Release Notes Release 10g (


Copyright © 2008, 2009, Oracle and/or its affiliates. All rights reserved.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.