Entitlement outside roles option is not working with indirect roles

(Doc ID 2325473.1)

Last updated on NOVEMBER 06, 2017

Applies to:

Identity Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

The user certification option Entitlements Outside Roles does not work with entitlements provisioned through an indirect role.

The use case is the following:

There is an access policy AP1 that provisions a resource LDAP User and an entitlement TestRole1000.

There is a role called indirectrole associated with the above access policy.

There is another role called directrole that inherits from the indirect role.

Role directrole is assigned to the user.

Due to inheritance, indirectrole is assigned automatically to the user.

Because indirectrole is associated with access policy AP1, the user is provisioned with the LDAP User resource and the entitlement TestRole1000.

With the above scenario, we run a user certification for the above user with the option Entitlements Outside Roles.

Because we selected the option Entitlements Outside Roles, no entitlement provisioned by an access policy should be picked up by the certification engine. However, we see the opposite: TestRole1000 is there.
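The following added example (not Oracle code, and not taken from this note) models the scenario to compute which entitlements a reviewer should expect under Entitlements Outside Roles, so that a certification's line items can be checked against it. The data structures, the function names and the directly requested entitlement ManualGroup are assumptions made for illustration; it encodes only the expected behaviour stated above, not the cause.

```python
# Constructed model of the scenario above; not Oracle Identity Manager code or schema.
ROLE_PARENTS = {"directrole": ["indirectrole"]}                 # role -> roles it inherits from
ROLE_POLICIES = {"indirectrole": ["AP1"]}                       # role -> access policies
POLICY_ENTITLEMENTS = {"AP1": {("LDAP User", "TestRole1000")}}  # policy -> (resource, entitlement)

# "ManualGroup" is a hypothetical entitlement requested directly, outside any role.
USER_DIRECT_ROLES = ["directrole"]
USER_ENTITLEMENTS = {("LDAP User", "TestRole1000"), ("LDAP User", "ManualGroup")}
# Constructed certification line items mirroring the reported symptom.
CERT_ITEMS = {("LDAP User", "TestRole1000"), ("LDAP User", "ManualGroup")}


def effective_roles(direct_roles, role_parents=ROLE_PARENTS):
    """Direct roles plus every role reached through inheritance."""
    seen, stack = set(), list(direct_roles)
    while stack:
        role = stack.pop()
        if role in seen:  # also guards against a cyclic hierarchy
            continue
        seen.add(role)
        stack.extend(role_parents.get(role, []))
    return seen


def role_granted(roles, role_policies=ROLE_POLICIES, policy_ents=POLICY_ENTITLEMENTS):
    """Entitlements provisioned by access policies attached to any of the roles."""
    granted = set()
    for role in roles:
        for policy in role_policies.get(role, []):
            granted |= policy_ents.get(policy, set())
    return granted


def expected_outside_roles(user_entitlements, direct_roles):
    """Entitlements the user holds that no direct or inherited role accounts for."""
    return set(user_entitlements) - role_granted(effective_roles(direct_roles))


def unexpected_items(cert_items, user_entitlements, direct_roles):
    """Certification line items that the filter should have excluded."""
    return set(cert_items) - expected_outside_roles(user_entitlements, direct_roles)


if __name__ == "__main__":
    print("expected:", expected_outside_roles(USER_ENTITLEMENTS, USER_DIRECT_ROLES))
    print("unexpected:", unexpected_items(CERT_ITEMS, USER_ENTITLEMENTS, USER_DIRECT_ROLES))
```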

Cause
