Disabled policy included in identity audit scan
(Doc ID 2328212.1)
Last updated on NOVEMBER 14, 2017
Applies to:Identity Manager - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Identity audit disabled policies are being picked up by the identity audit scan when they are mixed with enabled policies
The issue can be seen with the following example:
A user is a member of role Role1
There is an identity audit rule for Role1
and an Identity Audit Policy disabled for the above rule
Now if we define a scan for the policy
as expected after a scan is run the scan will not report any violation because the policy is disabled
Now there is another user who is a member of role Role2
there is also an identity audit rule for Role2
and an Identity Audit Policy enabled for the above rule
If we now modify our previous scan to add this new policy and user
and run the scan this time we will get 2 policy violations which is not correct.
Only one policy violation should be reported, the one associated with policy PolicyForRule2ForRole2, however we also get the one for policy PolicyForRule1ForRole1 which is disabled.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document