Group Membership Changes Are Not Immediately Reflected in OPAM (Doc ID 1924425.1)

Last updated on OCTOBER 16, 2016

Applies to:

Oracle Privileged Account Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Goal

Within OPAM, grants to target Accounts can be assigned as Group Grantees. That way, user rights can be managed by group membership in the external LDAP User Identity Store.

When a user's access is revoked; i.e. when they are removed from a Grantee Group, the account remains in the user's OPAM "My Accounts" list for several minutes. the target Account can still be seen in "My Accounts" even if a new search is performed.
The Account can still be checked out and the password revealed.

Is there any way to modify the refresh interval so that group membership updates and associated permissions are immediately reflected in the OPAM Grants?
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms