Access Policy Harvesting - Unable To Revoke Entitlements
Last updated on NOVEMBER 01, 2016
Applies to: Identity Manager - Version 220.127.116.11.1 and later
Information in this document applies to any platform.
Scenario: Accounts and entitlements have been reconciled into OIM from target systems, and Roles and Access Policies are now being implemented to provision access to those target systems. The new roles will include access that has already been provisioned to the accounts and is maintained in OIM as reconciled entitlements. Access Policy harvesting has been enabled, but revoking a Role does not revoke the underlying entitlements.
Note: Roles and Access Policies are being used to provision entitlement-level access to targets, not accounts.
User 1 -> Account 1 -> Entitlement 1 and Entitlement 2 (both entitlements reconciled into OIM from the target)
Role 1 -> Access Policy 1 -> Entitlement 1 and Entitlement 2
Role 1 is provisioned to User 1, and there is no net change in entitlements, which is as expected.
Role 1 is then removed from User 1, and Entitlements 1 and 2 are not revoked, which is the issue.