If there is just one ucr policy connected at the root, it is not possible, to connect an other one via UMC. The button NEW ENTRY is not visible by default, when there is just one ucr policy attached, but if you create an other ucr policy and connect it via udm to the root, then you get the NEW ENTRY Button in the UMC and both ucr policys are attached and shown. After adding an other ucr policy, you can use the UMC now. Is this a single-value/multi-value Bug? To add a second ucr policy you can use this command: udm container/dc modify --dn $(ucr get ldap/base) --policy-reference='cn=office365sync,cn=config-registry,cn=policies,dc=henrichmann,dc=net' --policy-reference='cn=o365debug,cn=config-registry,cn=policies,dc=henrichmann,dc=net' Expected behaviour would be to have the NEW ENTRY button, even with just one ucr policy attached.
This bug was originally reported for UCS 4.4, but it's still reproducible with UCS 5.0-6. I have added a ticket describing a major incident caused by an accidentally overwritten policy due to this bug. In that case, a policy was overwritten that removed the ppolicy-overlay environment-wide. That policy was connected to the ou=dc,ou=computers,... The behavior occurs not only on the root container but on every ou. The workaround is working but does NOT prevent the situation which can cause serious incidents! A customer cannot expect situations like the described one. The workaround is just helpful afterwards.
Policies are single value, except for the UCR policy evaluation. The UDM-CLI can handle it but yes, we didn't cover this for UMC. I think we should add a flag to policy modules which say whether they are multivalue and then evaluate this in UMC. The good thing is, that all policies are currently transmitted as lists (in UDM-REST, UMC, etc).
*** This bug has been marked as a duplicate of bug 57046 ***