OIM11g: Role Membership Rule Evaluation Not Working On Disabled Identities.
Last updated on OCTOBER 10, 2016
Applies to: Identity Manager - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
**Checked for Relevance on 25-Oct-2013**
In OIM 11g, a role membership rule does not remove a user from the role when the rule is no longer valid if the user is disabled.
This behavior is best described with the following test case.
1- Create a simple rule from the Design Console.
2- Create a new role from the admin console.
3- Assign the membership rule to the new role from the admin console.
4- Create a new user.
5- Change the user's attributes so that the attribute values match the rule defined in point 1.
6- The role created in point 3 should then be automatically assigned to the user.
7- Disable the user from the User profile (by using the xelsysadm account or any user with the right privileges). The user should still have the role assigned.
8- Update the user's attributes so that the rule is no longer matched. The user is not removed from the role.
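An audit check for the state left behind by steps 7 and 8, added here as an example and not Oracle's code: it re-evaluates each membership rule against current attributes and reports role memberships that no longer match. The record layout, role name, attribute name and rule are assumptions for illustration; real input would come from an export of users, their roles and the rule definitions.

```python
# Added illustration; record layout, names and the rule are constructed,
# not OIM's schema or API.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Rule = Callable[[Dict[str, str]], bool]

@dataclass
class User:
    login: str
    status: str                 # "Active" or "Disabled"
    attrs: Dict[str, str]       # current profile attributes
    roles: Tuple[str, ...]      # roles currently held

def stale_memberships(users: List[User], rules: Dict[str, Rule]) -> List[Tuple[str, str, str]]:
    """Return (login, role, status) for each rule-driven role the user
    still holds although the rule no longer matches their attributes."""
    findings = []
    for user in users:
        for role in user.roles:
            rule = rules.get(role)
            if rule is None:
                continue        # no membership rule for this role: out of scope
            if not rule(user.attrs):
                findings.append((user.login, role, user.status))
    return findings

# Constructed sample: one role driven by a rule on a Department attribute.
RULES = {"Finance Approvers": lambda a: a.get("Department") == "Finance"}
USERS = [
    User("alice", "Active", {"Department": "Finance"}, ("Finance Approvers",)),
    # Disabled first, attribute changed afterwards: the case from steps 7-8.
    User("bob", "Disabled", {"Department": "Sales"}, ("Finance Approvers",)),
    User("carol", "Disabled", {"Department": "Finance"}, ("Finance Approvers",)),
    User("dave", "Active", {"Department": "Sales"}, ("Helpdesk",)),
]

if __name__ == "__main__":
    for login, role, status in stale_memberships(USERS, RULES):
        print(f"{login}: holds '{role}' but rule no longer matches (status={status})")
```

Findings with status "Disabled" correspond to the behavior in the test case; any with status "Active" would point to a different problem with rule evaluation.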