My Oracle Support Banner

Incorrect SOD Policy Violation Alert For Child Requests (Doc ID 2189769.1)

Last updated on APRIL 17, 2019

Applies to:

Identity Manager - Version 11.1.2.3.0 to 11.1.2.3.160719 [Release 11g]
Information in this document applies to any platform.

Symptoms

Getting the SOD Policy Violation alert for the child requests which do not have a SOD violation. In other words, the policy violation alert gets displayed for all child requests no matter if there is a violation.

Expected Behavior:
The policy violation alert should be displayed only for the child requests which have a violation.

Recreation Steps:
-Create a user <MANAGER>
-Create a user <END_USER1> with manager <MANAGER> and provision to it entitlement <ENT1>
-Create a user <END_USER2> with manager <MANAGER>
-Create a rule for entitlement <ENT1> and <ENT2>
-Create a policy for the above rule making sure Evaluate during Requests is selected.
- As <MANAGER>, submit a bulk request to assign <ENT2> to both users. This generate a parent request with a policy violation because <END_USER1>. If you click the Policy violation link you will see that as expected it shows only <END_USER1> with a violation. Now after approving the parent request, you would get two child requests one for <END_USER1> and one for <END_USER2>.
- Open Track Requests tab, search for an approved parent request id and open it.
- Click on request ID link for <END_USER2> from the 'Related Requests' table and you should see a Policy Violations link displayed. Refreshing the page makes it disappear.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.