OIA Not Flagging A Policy Violation When It Should (Doc ID 2211894.1)

Last updated on FEBRUARY 11, 2017

Applies to:

Oracle Identity Analytics - Version 11.1.1.5.8 and later
Information in this document applies to any platform.

Goal

In OIA 11.1.1.5.8 certain rules do not seem to flag up violations, even though there are users who should be violating these rules. This seems to apply to rules combined together with an AND policy.

In generic terms we have a:
Rule A: Condition A1 (identifying a resource) and Condition A2 (identifying an entitlement for that resource)
Rule B: Condition B1(identifying a different resource) and Condition B2 (identifying an entitlement for that resource)
Rule C: (Condition A1 and Condition A2) AND (Condition B1 and Condition B2)
  (i.e. effectively Rule A and Rule B)

(The rules A and B refer to 2 different resources a user may have.)

A user satisfies both Rule A and Rule B (and so should satisfy Rule C)

Create a policy on Rule A and a violation is flagged.

Create a policy on Rule B and a violation is flagged.

Create a policy on Rule C and NO violation is flagged.


 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms