RuntimeException: One user cannot be deleted in Policy Manager
search cancel

RuntimeException: One user cannot be deleted in Policy Manager


Article ID: 101413


Updated On:


CA API Gateway


When trying to delete the internal user following error is seen:

ava.lang.RuntimeException: Found more than one membership to be deleted; user <hexoid>, group <hexoid> 
at com.l7tech.server.identity.PersistentGroupManagerImpl$5.doInHibernate( 
at org.springframework.orm.hibernate3.HibernateTemplate.doExecute( 
at org.springframework.orm.hibernate3.HibernateTemplate.execute( 
at com.l7tech.server.identity.PersistentGroupManagerImpl.deleteMembership( 
at com.l7tech.server.identity.PersistentGroupManagerImpl.setUserHeaders( 
at com.l7tech.server.identity.PersistentGroupManagerImpl.update( 
at com.l7tech.server.identity.PersistentGroupManagerImpl.update( 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke( 
at sun.reflect.DelegatingMethodAccessorImpl.invoke( 
at java.lang.reflect.Method.invoke( 

The user is associated with only one group and that group has only one user.




Try to find the entries in the database using the following commands

1. Find the mapping of user - user group and identity provider  select hex(goid), hex( internal_group), hex(provider_goid), hex(user_goid), hex(subgroup_id) from internal_user_group \G; 

2. Find groups available select hex(goid) from internal_group; 

3.  Find the identity provider available select hex(goid), name from identity_provider; 

4. Find internal users available
select hex(goid) from internal_user; 



The above queries will help in identifying the mapping between the user, user group, identity providers, and groups.

For example, in the above issue, we found that 

there were 3 duplicate entries for the same user group, user id, and identity provider in table internal_user_group, and deleting 2 entries using

delete from internal_user_group where hex(goid) = '<number>'; 

resolved the issue.

However, the cause of the issue will defer from case to case so please keep a full backup of the ssg database and a snapshot of all the nodes to prevent any critical situation due to changes.