Deleted Entitlements In The Access Policy Are Not Removed In The Target Application
(Doc ID 2302485.1)
Last updated on MARCH 14, 2019
Applies to: Identity Manager - Version 18.104.22.168.161018 and later
Information in this document applies to any platform.
1. Created an access policy attached to an OIM role that provisions two entitlement roles from EBS.
2. Created a user and assigned that OIM role to trigger the access policy (AP), then ran Evaluate user policy.
3. The user's account was provisioned with the two entitlement roles in OIM.
4. The same can be seen in the target EBS.
5. Added one extra entitlement role to the access policy.
6. Ran Evaluate user policy.
7. The user was provisioned with the newly added role in both OIM and the target.
8. Removed one entitlement role from the access policy.
9. Ran Evaluate user policy.
10. The user was de-provisioned from that entitlement role; the same can be seen in OIM as well as in the target.
11. Removed all remaining entitlement roles (the remaining two) from the access policy.
12. Ran Evaluate user policy.
13. These roles are not removed from OIM or from the target. This is the issue.
Currently, OIM does not handle the scenario in which the last entitlement of an AP is removed: it does not remove those entitlements in OIM (at user level) or in the target.
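An audit check for the condition described above, added here as an example (not Oracle's code and not part of the original note): it compares what each access policy currently defines with what users still hold in OIM and in the target. The export format, policy names and entitlement names are constructed for illustration, and the check goes slightly beyond the note by leaving alone entitlements that another policy still justifies or that were requested directly.

```python
from collections import defaultdict

# Constructed sample data in a hypothetical export format (not an OIM API or schema).
# Policy name -> entitlements the access policy currently defines.
POLICY_ENTITLEMENTS = {
    "AP_EBS_FINANCE": set(),           # every entitlement removed, as in step 11
    "AP_EBS_HR": {"HR_VIEWER"},
}
# (user, granting policy or None for a direct request, entitlement) on the OIM account.
OIM_GRANTS = [
    ("jdoe", "AP_EBS_FINANCE", "GL_USER"),
    ("jdoe", "AP_EBS_FINANCE", "AP_CLERK"),
    ("jdoe", "AP_EBS_FINANCE", "HR_VIEWER"),
    ("jdoe", "AP_EBS_HR", "HR_VIEWER"),      # still justified by a second policy
    ("asmith", None, "GL_USER"),             # requested directly, not policy-driven
]
# (user, entitlement) pairs read from the target application.
TARGET_GRANTS = [("jdoe", "GL_USER"), ("jdoe", "HR_VIEWER"), ("asmith", "GL_USER")]


def find_residual_entitlements(policy_entitlements, oim_grants, target_grants):
    """Return {user: {entitlement: [locations]}} for policy-granted entitlements
    that no access policy defines any more but that are still assigned."""
    # An empty or missing policy yields an empty set and is still compared:
    # that is exactly the case the note describes.
    justified = {
        (user, ent)
        for user, policy, ent in oim_grants
        if policy is not None and ent in policy_entitlements.get(policy, set())
    }
    in_target = set(target_grants)
    residual = defaultdict(dict)
    for user, policy, ent in oim_grants:
        if policy is None or (user, ent) in justified:
            continue
        locations = ["OIM"] + (["target"] if (user, ent) in in_target else [])
        residual[user][ent] = locations
    return dict(residual)


if __name__ == "__main__":
    for user, ents in find_residual_entitlements(
            POLICY_ENTITLEMENTS, OIM_GRANTS, TARGET_GRANTS).items():
        for ent, where in sorted(ents.items()):
            print(f"{user}: {ent} still present in {', '.join(where)}")
```

Any entry reported with "target" is access that remains live in the application after the policy that justified it was emptied.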