Entitlement outside roles option is not working with indirect roles (Doc ID 2325473.1)

Last updated on NOVEMBER 06, 2017

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


User certification option Entitlement outside roles is not working with entitlements provisioned by an indirect role.

The use case is the following:

There is an access policy AP1 that provisions a resource LDAP User and an entitlement TestRole1000.

There is a role called indirectrole associated with the above access policy.

There is another role called directrole that inherits from the indirect role.

Role directrole is assigned to the user.

Due to inheritance, indirectrole is assigned automatically to the user.

Because indirectrole is assigned to access policy AP1, the user is provisioned with the LDAP User resource and the entitlement TestRole1000.

With the above scenario, we run a user certification for the above user with the option Entitlements Outside Roles.

Because we selected the option Entitlements Outside Roles, no entitlement provisioned by an access policy should be picked up by the certification engine. However, we see the opposite: TestRole1000 appears in the certification.
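The scenario above, modelled as an added example (not Oracle code, and not a statement of how the certification engine is implemented): it computes which entitlements fall outside roles once inherited roles are resolved, and shows that a check limited to directly assigned roles returns the result reported here. The data structures, function names and the entitlement `ManualGrant1` are constructed for illustration.

```python
# Constructed model of the article's scenario. Role, policy and entitlement
# names mirror the article; everything else is hypothetical, not an OIM API.
ROLE_PARENTS = {"directrole": {"indirectrole"}, "indirectrole": set()}
POLICY_ROLES = {"AP1": {"indirectrole"}}          # roles tied to each policy
POLICY_ENTITLEMENTS = {"AP1": {"TestRole1000"}}   # what each policy provisions
USER_DIRECT_ROLES = {"directrole"}
# ManualGrant1 is a constructed entitlement granted without any role.
USER_ENTITLEMENTS = {"TestRole1000", "ManualGrant1"}


def effective_roles(direct_roles, parents):
    """Return the direct roles plus every role reached through inheritance."""
    seen, stack = set(), list(direct_roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(parents.get(role, ()))
    return seen


def entitlements_outside_roles(entitlements, roles):
    """Entitlements not provisioned by an access policy tied to `roles`."""
    via_roles = set()
    for policy, policy_roles in POLICY_ROLES.items():
        if policy_roles & roles:
            via_roles |= POLICY_ENTITLEMENTS[policy]
    return entitlements - via_roles


def expected_scope():
    """Certification scope when inherited (indirect) roles are resolved."""
    roles = effective_roles(USER_DIRECT_ROLES, ROLE_PARENTS)
    return entitlements_outside_roles(USER_ENTITLEMENTS, roles)


def direct_only_scope():
    """Scope when only directly assigned roles are considered."""
    return entitlements_outside_roles(USER_ENTITLEMENTS, USER_DIRECT_ROLES)


if __name__ == "__main__":
    print("expected:", sorted(expected_scope()))
    print("direct roles only:", sorted(direct_only_scope()))
```

Comparing the two sets for a sample of users is a quick way to audit whether a certification campaign is pulling in policy-provisioned entitlements.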




