Entitlement outside roles option is not working with indirect roles
(Doc ID 2325473.1)
Last updated on NOVEMBER 06, 2017
Applies to: Identity Manager - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
The user certification option Entitlements Outside Roles is not working with entitlements provisioned by an indirect role.
The use case is the following:
There is an access policy AP1 that provisions a resource LDAP User and an entitlement TestRole1000.
There is a role called indirectrole associated with the above access policy.
There is another role called directrole that inherits from the indirect role.
Role directrole is assigned to the user.
Due to inheritance, indirectrole is assigned automatically to the user.
Because indirectrole is associated with access policy AP1, the user is provisioned with the LDAP User resource and the entitlement TestRole1000.
With the above scenario, we run a user certification for the above user with the option Entitlements Outside Roles.
Because we selected the option Entitlements Outside Roles, no entitlement provisioned by an access policy should be picked up by the certification engine. However, we see the opposite: TestRole1000 is included in the certification.
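The expected result for this use case can be cross-checked outside the product. The following is an added example, not Oracle code and not part of the original note: it models the scenario with plain dictionaries and resolves role inheritance transitively before deciding which entitlements fall outside roles. The data structures, the function names and the entitlement ManualGrant01 are assumptions constructed for illustration.

```python
# Constructed model of the note's scenario; not Oracle Identity Manager code or data.
ROLE_PARENTS = {"directrole": {"indirectrole"}}   # role -> roles it inherits from
POLICY_ROLES = {"AP1": {"indirectrole"}}          # access policy -> roles that trigger it
POLICY_ENTITLEMENTS = {"AP1": {"TestRole1000"}}   # access policy -> entitlements it provisions
# ManualGrant01 is a hypothetical entitlement granted directly, outside any role.
USER_ENTITLEMENTS = {"TestRole1000", "ManualGrant01"}


def effective_roles(direct_roles, role_parents=ROLE_PARENTS):
    """Return the direct roles plus every role reached through inheritance."""
    seen, stack = set(), list(direct_roles)
    while stack:
        role = stack.pop()
        if role in seen:  # already expanded; also stops cyclic hierarchies
            continue
        seen.add(role)
        stack.extend(role_parents.get(role, ()))
    return seen


def entitlements_from_roles(direct_roles, role_parents=ROLE_PARENTS,
                            policy_roles=POLICY_ROLES,
                            policy_entitlements=POLICY_ENTITLEMENTS):
    """Entitlements provisioned by any access policy tied to an effective role."""
    roles = effective_roles(direct_roles, role_parents)
    covered = set()
    for policy, trigger_roles in policy_roles.items():
        if roles & trigger_roles:
            covered |= policy_entitlements.get(policy, set())
    return covered


def entitlements_outside_roles(user_entitlements, direct_roles, **maps):
    """Entitlements the user holds that no direct or inherited role explains."""
    return set(user_entitlements) - entitlements_from_roles(direct_roles, **maps)


if __name__ == "__main__":
    # The user is assigned only directrole; indirectrole arrives by inheritance.
    print(sorted(effective_roles({"directrole"})))
    print(sorted(entitlements_outside_roles(USER_ENTITLEMENTS, {"directrole"})))
```

Comparing this set against the line items of a generated certification shows whether policy-provisioned entitlements such as TestRole1000 were included when they should have been excluded.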