My Oracle Support Banner

Can't Submit Other Non-Violation Entitlement After User Provisioned With Non-Violation Entitlement (Doc ID 2344069.1)

Last updated on JANUARY 07, 2018

Applies to:

Identity Manager - Version 11.1.2.3.170418 and later
Information in this document applies to any platform.

Symptoms

OIM 11.1.2.3.5 policy violation detected incorrectly for rule containing a grouping of conditions.

Steps to reproduce
------------------

1) Create one disconnected app instance Harvest 5 Account with 2 entitlements:

Harvest 5: Developer : Global : Developer
Harvest 5: Consultant : Global : Consultant

2) Create another disconnect app instance Oracle RDBMS Account with 5
entitlements:

Oracle RDBMS : usertm1 : Global : MIC_READ_R
Oracle RDBMS : usertm1 : Global : MIC_ALL_R
Oracle RDBMS : usertm1 : Global : GTM_USR
Oracle RDBMS : usertm1 : Global : Oracle_IND
Oracle RDBMS : usertm1 : Global : Oracle_US

3) Create a user user001 and provision both application instances.

4) Create an Identity Audit Rule and then a policy for that rule making sure you select "Evaluate during Requests"

5) As xelsysadm request entitlements:

Harvest 5 : Developer : Global : Developer
Oracle RDBMS : usertm1 : Global : MIC_READ_R

6) Submit and you will see that the request is submitted with no policy violation. Approve the request so the entitlements are provisioned.

Now submit a new request for entitlement Oracle RDBMS : usertm1 : Global : GTM_USER and you will see that you will get a policy violation even if the rule defined should not trigger this violation.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.