Policy Violation Alert Displayed Incorrectly On Child Request

(Doc ID 2166316.1)

Last updated on JULY 31, 2016

Applies to:

Identity Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

An identity audit scan with a policy rule is defined for two LDAP entitlements TestRole1000 and TestRole1001

 

 

 

With the above policy rule a policy violation will be displayed when a user may end up with both roles.

user001 has an account in LDAP and has already entitlement TestRole1000 assigned.

user002 has an account in LDAP with no entitlement at all.

A bulk request is submitted to provide entitlement TestRole1001 to user001 and user002.

On submitting the request we get a policy violation for user001 because as a result of that request if approved user001 will end up with the two conflicting entitlements.

 

 

 

On approving the request we get two child requests, one for user001 that shows the correct policy violation

 

 

and one for user002 that shows an incorrect policy violation.

 

 

The request for user002 should not show any policy violation as user002 will not end up with a combination of TestRole1000 and TestRole1001. 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms