I'm trying to use do-create-role to create a role via IdM policy. When I use do-create-role, I cannot get the driver to start. I get an error:

Element 'do-create-role' not allowed in 'arg-actions'.

I had it inside an if condition, so I also tried it just as a normal action, similar problem:

Element 'do-create-role' not allowed in 'actions'.

Is there a known issue with do-create-role? This is IdM 4.5.6.