
Disabled policy included in identity audit scan (Doc ID 2328212.1)

Last updated on NOVEMBER 14, 2017

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


Disabled identity audit policies are picked up by the identity audit scan when they are mixed with enabled policies in the same scan.

The issue can be seen with the following example:

A user is a member of role Role1.

There is an identity audit rule for Role1, and an Identity Audit Policy for that rule which is disabled.

If we define a scan for this policy and run it, the scan reports no violation, as expected, because the policy is disabled.

Now there is another user who is a member of role Role2.

There is also an identity audit rule for Role2, and an Identity Audit Policy for that rule which is enabled.

If we now modify the previous scan to add this new policy and user and run the scan again, we get 2 policy violations, which is not correct.

Only one policy violation should be reported, the one associated with policy PolicyForRule2ForRole2; however, we also get the one for policy PolicyForRule1ForRole1, which is disabled.



