Auditable Catalog Flag not Taken Into Account by Identity Audit
(Doc ID 2621096.1)
Last updated on DECEMBER 17, 2019
Applies to: Identity Manager - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
Entities in OIM such as Entitlements, Roles, and Accounts can be marked with the Auditable flag.
This flag is similar to the Certifiable flag, which makes entities certifiable; Auditable makes an entity available to the Identity Audit engine.
In the above screenshot, the role TestRole has been made Auditable, which indicates that the Identity Audit engine should select it and use it during identity audit.
Let's see an example of the above case.
The following Identity Audit rule was created:
The policy associated to the above Identity Audit Rule is the following:
In the above policy, the Evaluate During Request flag was selected, which means that Identity Audit will report a violation during a request.
We can see this if a user tries to request the TestRole role.
If the Auditable flag is unchecked in role TestRole, the expectation is that this role is not taken into account by the Identity Audit engine.
However, if a request for that role is submitted while the role is not flagged as Auditable, the expected behavior does not occur and the role is still picked up by the Identity Audit engine.