AdminUI Read Only Administrator cannot see the Identity Manager Roles in a Policy

Document ID : KB000006283
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

 Setting permission "Only View" to "myreadonlyadm" administrator, then when
 this administrator tries to see the users from a Policy (Users tab),
 then the AdminUI reports error :

 Insufficient rights. fetch, CA.SM::IMSEnvironment

 This happens for users which have IDM roles;

 Administrator "itviewmyriam"

 Workspace : no workspace
 Access Options : GUI

 If I login with siteminder super admin, then I can see those Identity Manager Roles objects
 attached to the Policy

Environment:
Policy Server 12.52SP1CR02; AdminUI 12.52SP1CR02;
Cause:

There's a limitation in the XPS code on the Policy Server side that doesn't allow the read-only administrator to view the Identity Manager Roles objects when linked to a given Domain Policy

Resolution:

   Apply the CR06 to the Policy Server to fix this issue.
   And because the Policy Server runs CR06, you have to upgrade as well the AdminUI, Pre-req and Policy Store.
   The upgrade of the AdminUI only won't fix the issue.