Disabled policy included in identity audit scan

(Doc ID 2328212.1)

Last updated on NOVEMBER 14, 2017

Applies to:

Identity Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Disabled identity audit policies are picked up by the identity audit scan when they are mixed with enabled policies.

The issue can be seen with the following example:

A user is a member of role Role1. There is an identity audit rule for Role1 and a disabled Identity Audit Policy for that rule. If we define a scan for the policy and run it, the scan reports no violation, as expected, because the policy is disabled.

Another user is a member of role Role2. There is also an identity audit rule for Role2 and an enabled Identity Audit Policy for that rule. If we now modify the previous scan to add this new policy and user and run the scan again, we get 2 policy violations, which is not correct.

Only one policy violation should be reported, the one associated with policy PolicyForRule2ForRole2; however, we also get the one for policy PolicyForRule1ForRole1, which is disabled.

Cause
