Same Application Instance Is Linked To User Multiple Times By Access Policy (Doc ID 2221979.1)

Last updated on JANUARY 16, 2017

Applies to:

Identity Manager - Version 11.1.2.3.5 and later
Information in this document applies to any platform.

Symptoms

With a requirement of auto account provisioning for 2 different application instances (which are using same resource object but different IT Resource). To implement this use-case, two different Access Policies were created on two different roles but in each access policy, was specified same resource object but different IT Resource in the process form section of Access Policy. Also, "Retrofit Access Policy" is set to "No" for each policy but upon creation of these access policies, when Evaluate Policy scheduled job ran it picked existing users and linked same application instance.

Upon further user data analysis, these users were already having specified role (in access policy) but application instance wasn't present in Accounts section before creation of Access Policy. The user has been assigned multiple instances of same application instance.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms