Access Policy Harvesting - Unable To Revoke Entitlements
(Doc ID 2015683.1)
Last updated on DECEMBER 27, 2023
Applies to:
Identity Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.
Goal
Scenario: Accounts and entitlements have been reconciled into OIM from target systems, and Roles and Access Policies are being implemented to provision access to these target systems. The new roles will include access that has already been provisioned to the accounts and is maintained in OIM as reconciled entitlements. Access policy harvesting has been enabled, but revoking a Role does not revoke the underlying entitlements.
Note: Roles and access policies are being used to provision entitlement-level access, not accounts, to targets.
Example:
User 1 -> Account 1 -> Entitlement 1 and Entitlement 2 (both entitlements reconciled into OIM from the target)
Role 1 -> Access Policy 1 -> Entitlement 1 and Entitlement 2
Role 1 is provisioned to User 1, and there is no net change in entitlements, which is as expected.
Role 1 is then removed from User 1, but Entitlements 1 and 2 are not revoked, which is the issue.
Solution