Disabled Users Excluded From Policy Evaluation > How Do Their Resources / Entitlements Get Revoked ? (Doc ID 1557716.1)

Last updated on MARCH 08, 2017

Applies to:

Identity Manager - Version 11.1.1.5.2 and later
Information in this document applies to any platform.

Symptoms

With the AK patch, a user could be disabled or deleted after the user is flagged for policy evaluation.
·If the next run of the scheduled task picks up a deleted user then the POLICY_EVAL_NEEDED flag will be reset to 0 and an appropriate warning
message will logged to indicate that policies can’t be evaluated for the user because the user is deleted and policy evaluation has been marked as
complete.
If the next run of the scheduled task picks up a disabled user then policy evaluation will not happen because the user is disabled. An
appropriate warning message is logged both from the API layer and also from the scheduled job. The scheduled job will then move on the next user for whom
policies need to be evaluated. It shouldn’t deteriorate OIM performance as mentioned in the bug.
 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms