OES11g- SYS_OBJ getting Null with NewQueryPepRequest() (Doc ID 2126288.1)

Last updated on APRIL 20, 2016

Applies to:

Oracle Entitlements Server - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

If use the SYS_OBJ  policy not evaluating correctly

For example :-

Create hierarchical resource like 

1.Region  2. Region/ Oracle Support  3.Region/ Oracle Testers  4.Region/ Oracle Development and allow action view on the above resources

2. Create the policy with the condition

STRING_CONTAINS ("string", sys_obj)=true    execute the test case with the with  newbulkPepRequest  ->works

Change function

 STRING_CONTAINS ("string", sys_obj_q)=true execute the test case with the with  newbulkPepRequest->works

Now change the to  use the newQueryPeprequest for sys_obj  it fails

 

SEEING THE FOLLOWING in the logs, instead of getting  GRANT-> VIEW,  seeing DENIED action view

FINE: computeByBuiltInEvalFuncs is invoked for condition: (STRING_CONTAINS(Oracle,SYS_OBJ) = true)
FINE: computeByBuiltInEvalFuncs is invoked for condition: (STRING_CONTAINS(Oracle,SYS_OBJ) = true)
FINE: computeByBuiltInEvalFuncs is invoked for condition: (STRING_CONTAINS(Oracle,SYS_OBJ) = true)
FINE: computeByBuiltInEvalFuncs is invoked for condition: (STRING_CONTAINS(Oracle,SYS_OBJ) = true)

FINE: got attribute value: SYS_OBJ null
FINE: got attribute value: SYS_OBJ null
FINE: got attribute value: SYS_OBJ null
FINE: got attribute value: SYS_OBJ null


.Resource app:type:name ThreatDatabase:RegionResourceType:/Region/Oracle Development
Granted actions = []
Denied actions = [view]
Resource app:type:name ThreatDatabase:RegionResourceType:/Region/Oracle Testers
Granted actions = []
Denied actions = [view]
Resource app:type:name ThreatDatabase:RegionResourceType:/Region
Granted actions = []
Denied actions = [view]
Resource app:type:name ThreatDatabase:RegionResourceType:/Region/Oracle Support
Granted actions = []
Denied actions = [view]
End newQueryPepRequest()

 

 

 

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms