Error "This field cannot exceed 4000 characters" is received when adding a membership rule in a Role in RSA Identity Governance and Lifecycle 7.0+
2 years ago
Originally Published: 2017-06-16
Article Number
000065065
Applies To
RSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: 7.0.x
Issue
When adding a membership rule with 34404 characters using the 'Advanced' selection in a Role, you get a pop-up message "This field cannot exceed 4000 characters". You have a business need to create several membership rules which may exceed 4000 characters. Is it possible to exceed the size limit for this field?
Cause
4000 characters is the current data type limit imposed by Oracle. Because of this limitation, the field cannot exceed 4000 characters in Identity Governance and Lifecycle 7.x.
Resolution
Increasing this limit would require changing the data type for the Advanced section that defines a WHERE clause. You can submit an RFE to change the data type for the membership rule within a role.
Workaround
A membership rule of 4000 characters or more is not manageable in terms of rule design, and it will also cause performance issues. Instead of creating one large membership rule from several conditions, you can use one of the two approaches below:
1) Introduce a new user attribute to capture these high-level groups (rather than using more than 4000 characters and/or existing attributes).
2) Use roles as entitlements of roles. That is, make a series of roles, each with a subset of the rule that identifies a business-comprehensible and manageable set of users, and put a common technical role as the entitlement of all of them.
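
The following is an added example, not code from RSA or from the product: one way to prepare approach 2 when the oversized rule is a set of conditions joined by OR, so that the union of the sub-roles' members equals the members of the original rule. It splits the WHERE clause at top-level OR keywords and packs the conditions into sub-role rules that each fit the 4000-character field. The attribute names DEPARTMENT and TITLE and the sample rule are constructed, and SQL comments inside the rule are not handled.

```python
import re

LIMIT = 4000  # field limit from the error message
OR_RE = re.compile(r"\bOR\b", re.IGNORECASE)

def split_top_level_or(where):
    """Split a WHERE clause at OR keywords outside quotes and parentheses."""
    terms, depth, in_str, start, i = [], 0, False, 0, 0
    while i < len(where):
        ch = where[i]
        if ch == "'":
            in_str = not in_str  # a doubled '' toggles twice, so state is kept
        elif not in_str and ch == "(":
            depth += 1
        elif not in_str and ch == ")":
            depth -= 1
        elif not in_str and depth == 0 and OR_RE.match(where, i):
            terms.append(where[start:i].strip())
            start = i = i + 2
            continue
        i += 1
    terms.append(where[start:].strip())
    return terms

def pack_sub_rules(where, limit=LIMIT):
    """Group the OR terms into rules of at most `limit` characters each."""
    rules, current = [], ""
    for term in split_top_level_or(where):
        if len(term) > limit:
            raise ValueError("one condition alone exceeds the field limit")
        candidate = f"{current} OR {term}" if current else term
        if len(candidate) <= limit:
            current = candidate
        else:
            rules.append(current)
            current = term
    if current:
        rules.append(current)
    return rules

def sample_rule():
    # Constructed sample; DEPARTMENT and TITLE are hypothetical attributes.
    terms = [f"DEPARTMENT = 'Dept {n:04d}'" for n in range(1200)]
    terms.append("(TITLE = 'Buy OR Sell Analyst' AND DEPARTMENT = 'Trading (EU)')")
    return " OR ".join(terms)

if __name__ == "__main__":
    for n, rule in enumerate(pack_sub_rules(sample_rule()), 1):
        print(f"sub-role {n}: {len(rule)} characters")
```

Each returned string is the membership rule for one sub-role; the common technical role is then assigned as the entitlement of every sub-role.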