We are having a problem granting and revoking some Oracle responsibilities. When we try either action, we get a duplication error, as shown below:
Cause: Oracle Applications User '<USERNAME>' on '<ENDPOINTNAME>' modification failed: Connector Server Modify failed: code 80 (OTHER-LdapNamingException): failed to modify entry: eTFNDUserName=<USERNAME>,eTFNDAccountContainerName=Users,eTFNDDirectoryName=<ENDPOINTNAME>,eTNamespaceName=Oracle Applications,dc=im,dc=etasa: JCS@<CONNECTORSERVERHOST>: JNDI: [LDAP: error code 1 - SqlUpdateResp() error: Error executing "{CALL APPS.FND_USER_PKG.AddResp(?,?,?,?,?,?,?)}": [Oracle][ODBC][Ora]ORA-20001: Oracle error -20002: ORA-20002: 4016: User/Role relationship for user '<USERNAME>' and role '<Role1|Role2|Role3>' already exists. has been detected in <Role2>
(Message truncated -- see logs)]: failed to modify eTFNDUserName=<USERNAME>,eTFNDAccountContainerName=Users,eTFNDDirectoryName=<ENDPOINTNAME>,eTNamespaceName=Oracle Applications,dc=im,dc=etasa (ldaps://<ip-adress of connector server>:20411) Action: Assign the provisioning role "<PROVISIONING ROLE1>" to user "<USERNAME>"
Release : 14.3
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
The message we found in the logs:
[Oracle][ODBC][Ora]ORA-20001: Oracle error -20002: ORA-20002: 4016: User/Role relationship for user '<USERNAME>' and role '<Role1|Role2|Role3>' already exists. has been detected in <Role2>
Looking at the logs, we identified that we were trying to set a responsibility that was already set for the user. Oracle can set responsibilities directly or indirectly.
That is, if the user already has an Oracle responsibility set indirectly (not set by Identity Manager) and Identity Manager tries to set the same Oracle responsibility directly, this will generate the error above.
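To see which users and roles are affected, the 4016 message can be extracted from the provisioning logs and grouped per user and role. The script below is an added example, not part of the original article or of any CA or Oracle code; it assumes the message format quoted above, and the function name, sample lines and all user, endpoint and role values are constructed.

```python
import re

# Constructed sample log lines modelled on the message quoted above.
# User, endpoint and role values are made-up placeholders.
SAMPLE_LOG = [
    "Connector Server Modify failed: code 80 (OTHER-LdapNamingException): failed to modify entry: "
    "eTFNDUserName=JDOE,eTFNDAccountContainerName=Users,eTFNDDirectoryName=EBS_PROD,"
    "eTNamespaceName=Oracle Applications,dc=im,dc=etasa: "
    "[Oracle][ODBC][Ora]ORA-20001: Oracle error -20002: ORA-20002: 4016: User/Role relationship "
    "for user 'JDOE' and role 'ROLE_A|ROLE_B|ROLE_C' already exists. has been detected in ROLE_B",
    "[Oracle][ODBC][Ora]ORA-20001: Oracle error -20002: ORA-20002: 4016: User/Role relationship "
    "for user 'JDOE' and role 'ROLE_A|ROLE_B|ROLE_C' already exists. has been detected in ROLE_B",
    "Connector Server Modify failed: code 80: eTFNDUserName=ASMITH: some unrelated failure",
]

# The role string is kept opaque: the page does not say what the '|' parts mean.
DUPLICATE = re.compile(
    r"ORA-20002: 4016: User/Role relationship for user '(?P<user>[^']*)' "
    r"and role '(?P<role>[^']*)' already exists\."
    r"(?: has been detected in (?P<detected_in>\S+))?"
)
ENDPOINT = re.compile(r"eTFNDDirectoryName=(?P<endpoint>[^,:\s]+)")

def duplicate_responsibility_conflicts(lines):
    """Return one record per distinct (user, role) conflict, with a hit count."""
    conflicts = {}
    for line in lines:
        m = DUPLICATE.search(line)
        if not m:
            continue  # some other failure, not the duplicate-responsibility case
        rec = conflicts.setdefault(
            (m["user"], m["role"]),
            {"user": m["user"], "role": m["role"],
             "detected_in": m["detected_in"], "endpoint": None, "hits": 0},
        )
        rec["hits"] += 1
        ep = ENDPOINT.search(line)  # only present on the full "Cause:" line
        if ep and rec["endpoint"] is None:
            rec["endpoint"] = ep["endpoint"]
    return list(conflicts.values())

if __name__ == "__main__":
    for conflict in duplicate_responsibility_conflicts(SAMPLE_LOG):
        print(conflict)
```

Each record names a user and role to check on the Oracle side for an existing indirect assignment.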