This content has been marked as final. Show 1 reply
I activated traces (as described in the admin guide for OES) and found the answer to my question. Nothing more special needs to be done, except saving the change in APM. It looks however safer to log out / log in in OIM.
I also found out that making change in the authorization policie is not trivial ... it is not enough to find the policies connected to a role, because a role might inherit others. Therefore you might also have to change many other policies.
Sum up: if you want to restrict access to some attributes, actions, it's much easier to use the customization features in the UI/ADF.