RuntimeException: One user cannot be deleted in Policy Manager

Document ID : KB000101413
Last Modified Date : 07/01/2019
Show Technical Document Details
It is not possible to delete one user in the Identity Provider via Policy Manager.

When trying to delete the internal user following error is seen 

ava.lang.RuntimeException: Found more than one membership to be deleted; user <hexoid>, group <hexoid> 
at com.l7tech.server.identity.PersistentGroupManagerImpl$5.doInHibernate( 
at org.springframework.orm.hibernate3.HibernateTemplate.doExecute( 
at org.springframework.orm.hibernate3.HibernateTemplate.execute( 
at com.l7tech.server.identity.PersistentGroupManagerImpl.deleteMembership( 
at com.l7tech.server.identity.PersistentGroupManagerImpl.setUserHeaders( 
at com.l7tech.server.identity.PersistentGroupManagerImpl.update( 
at com.l7tech.server.identity.PersistentGroupManagerImpl.update( 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke( 
at sun.reflect.DelegatingMethodAccessorImpl.invoke( 
at java.lang.reflect.Method.invoke( 

The user is associated with only one group and that group has only one user.
Build Info: 
CA API Gateway 8.3.00 build 4753,
Try to find the entries in database using following commands

1. Find the mapping of user - user group and identity provider  select hex(goid) , hex( internal_group) , hex(provider_goid) , hex(user_goid) , hex(subgroup_id) from internal_user_group \G; 

2. Find groups available select hex(goid) from internal_group; 

3.  Find the identity provider available select hex(goid), name from identity_provider; 

4. Find internal users available
select hex(goid) from internal_user; 

The above queries will help in identifying the mapping between user , user group , identity providers and groups.

For example in above issue we found that 

there were 3 duplicate entries for same user group , user id and identity provider in table internal_user_group and deleting 2 entries using

delete from internal_user_group where hex(goid) = '<number>'; 

resolved the issue.

However the cause of the issue will defer from case to case so please keep a full backup of ssg database and snapshot of  all the nodes to prevent any critical situation due to changes.