My Oracle Support Banner

Role Is Revoked After Reviewer Accepts The Rejected Challenge By The Beneficiary (Doc ID 2202563.1)

Last updated on APRIL 03, 2019

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


During certification having the 'closed loop remediation' and if the reviewers rejects a role for a user, then also that role gets revoked from the user even if the reviewer accepts the rejected challenge by the beneficiary.

Steps to recreate the issue:
1) Create a test user say, <USER1> and a test role, say <ROLE1>
2) Assign <ROLE1> to the <USER1>.
3) Create <USER2>
4) Create an User Certification definition for the test user and choose
<USER2> as the reviewer and choose 'Perform closed loop remediation'
5) Login as <USER2> and complete the certification by revoking the <ROLE1> from <USER1>.
6) Now a challenge task will be generated for the beneficiary user (tstuser1)
7) So, login as <USER1> (beneficiary) and reject the challenge.
8) Now, another challenge task will be generated for the reviewer.
9) Login as the <USER2> (reviewer ) and accept the challenge.
10) Now login as OIM System Administrator and search for the user <USER1> and you can see the <ROLE1> is revoked from the user <USER1>.

Expectation: Since the reviewer has accepted the challenge, the process should stop and the beneficiary's access should not be revoked. Basically, the role shouldn't be revoked from the user.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.