Error "This field cannot exceed 4000 characters" is received when adding membership rule in a Role in RSA Identity Governance and Lifecycle 7.0+
3 years ago
Originally Published: 2017-06-16
Article Number
000065065
Applies To
RSA Product Set: RSA Identity Governance and  Lifecycle 
RSA Version/Condition: 7.0.x 

 
Issue
When adding a membership rule with 34404 characters using 'Advanced' selection in a Role, you are getting a pop up message "This filed cannot exceed 4000 characters".  You have a business need to create several  membership rules which may exceed 4000 characters. Is it possible to exceed the size limit for this field?
Cause
4000 characters is the current data type limit by Oracle.  Due to this limitation, we can not exceed this limit in Identity Governance and Lifecycle 7.x. 
Resolution
Increasing this limit would require changing the data type for the Advanced section that defines a WHERE clause. You can submit RFE request to change a data type for membership rule within a role. 
Workaround
Using a large membership rule with 4000 characters or higher is not manageable in terms of design of a rule.  Secondly, it will cause performance issues.  So instead of creating a large membership rule by using several conditions, you can use one of the two approaches below:
1) Introduce a new user attribute to capture these high level groups (rather than using more than 4000 characters and/or from existing attributes) 
2) Use roles as entitlements of roles. I.e. make a series of roles with a subset of the rule identifying a business-comprehensible and manageable users, and putting a common technical role as the entitlement of all of them.

Related Articles

Trending Articles

Don't see what you're looking for?