Incorrect SOD Policy Violation Alert For Child Requests (Doc ID 2189769.1)

Last updated on OCTOBER 09, 2016

Applies to:

Identity Manager - Version 11.1.2.3.160419 and later
Information in this document applies to any platform.

Symptoms

Getting the SOD Policy Violation alert for the child requests which do not have a SOD violation. In other words, the policy violation alert gets displayed for all child requests no matter if there is a violation.

Expected Behavior:
The policy violation alert should be displayed only for the child requests which have a violation.


Recreate Steps:
-Create a user manager001
-Create a user user001 with manager manager001 and provision to it entitlement TestRole1000
-Create a user user002 with manager manager001
-Create a rule for entitlement TestRole1000 and TestRole1001
-Create a policy for the above rule making sure Evaluate during Requests is selected.
- As manager001, submit a bulk request to assign TestRole1001 to both users. This generate a parent request with a policy violation because user001. If you click the Policy violation link you will see that as expected it shows only user001 with a violation. Now after approving the parent request, you would get two child requests one for user001 and one for user002.
- Open Track Requests tab, search for an approved parent request id and open it.
Click on request ID link for user002 from the 'Related Requests' table and you should see a Policy Violations link displayed. Refreshing the page makes it disappear.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms