Role Is Revoked After Reviewer Accepts The Rejected Challenge By The Beneficiary

(Doc ID 2202563.1)

Last updated on JUNE 25, 2017

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


During certification having the 'closed loop remediation' if the reviewers rejects a role for a user, then also that role gets revoked from the user even if the reviewer accepts the rejected challenge by the beneficiary.

Steps to recreate the issue:
1) Create a test user say, testuser1 and a test role, say testrole1
2) Assign testrole1 to the testuser1.
3) Create testuser2
4) Create an User Certification definition for the test user and choose
testuser2 as the reviewer and choose 'Perform closed loop remediation'
5) Login as testuser2 and complete the certification by revoking the testrole1 from testuser1.
6) Now a challenge task will be generated for the beneficiary user (tstuser1)
7) So, login as testuser1 (beneficiary) and reject the challenge.
8) Now, another challenge task will be generated for the reviewer.
9) Login as the testuser2 (reviewer ) and accept the challenge.
10) Now login as xelsysadm and search for the user testuser1 and you can see the testrole1 is revoked from the user testuser1.

Expectation: Since the reviewer has accepted the challenge, the process should stop and the beneficiary's access should not be revoked. Basically, the role shouldn't be revoked from the user.



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms