Identity Audit (SoD) Scan Creates Policy Violation Task For Risk Accepted Conflicting Role

(Doc ID 2370666.1)

Last updated on MARCH 07, 2018

Applies to:

Identity Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

The Policy violation task is getting assigned even though one of the roles is closed as Risk Accepted and the task is completed with "Remediation Completed" status.


STEPS TO REPRODUCE
-------------------------

1. Create an Identity Audit Rule with the following conditions.

role[*].Role Name Equal role1
AND
role[*].Role Name Equal role2

2. Assign those two roles to an user.

3. SoD scan runs and detect this user part of conflict and creates a policy violation task and assigns to remediator.

4. Remediator takes 'Risk Accepted' on one of the two roles and completes the policy violation task without touching other conflicting role.

5. Policy violation task status gets updated as 'Remediation Completed'

6. OIM runs same scan again.

7. Scan detects same violation for the same user and again assigns the same violation task to same remediator even one of the conflicting role was accepted as risk before.

 

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms