SoD Violations Cascade to all Children
Last updated on MARCH 31, 2017
Applies to:Identity Manager - Version 22.214.171.124.161018 and later
Information in this document applies to any platform.
On Request Provisioning with version 126.96.36.199
When a bulk request has some children which have an SoD violation and some that do not, the violations are flagged to all of the children.
The expected behavior would be that only those requests which actually have an SoD violation, would be flagged as such.
It appears this is a known defect based on the following Oracle support docs.
-- Incorrect SOD Policy Violation Alert For Child Requests <Document 2189769.1>
-- Policy Violation Alert Displayed Incorrectly On Child Request <Document 2166316.1>
There is a fix for one of the listed issues from <Bug 24319701> which is in bundle patch 161018, but not the following use cases. The two cases that did not behave as expected, are as follows:
1. Bulk USER request
Request for multiple Users
Request has cart items that will cause a violation for one of the users, but not the other
The requester is NEVER notified that their request will cause violations, it just submits like normal
The approver is not notified that there are Policy Violations
2. Single User request with multiple catalog items
Request for a single user
Request has multiple cart items, but only one of the cart items will cause a violation for the user
The requests is notified that the request will cause violations and they must Submit with Violations
Child requests are created for each cart item
The approvers are notified that there are Policy Violations for ALL child requests (not just the one that will actually cause a violation)
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms