Steps to reproduce:
1. Create a conditional role (managed or internal), with a condition based on the "updates" property of the "preferences" object:
2. Open the role definition in the admin UI in IDM, note that the "Query" box shows the boolean value in double quotes (as if its treating the boolean value as string):
/preferences/updates eq "true"
and the UI also shows
3. If we hit save, then the conditional role membership behaves unpredictably. Any users who were already members of the role, keep showing as the members. If any user changes their "/preferences/updates" to false, they are removed from the member list (as expected), but if they change "/preferences/updates" to true again, they do not show up in the member list!