Auditable Catalog Flag not Taken Into Account by Identity Audit (Doc ID 2621096.1)

Last updated on DECEMBER 17, 2019

Applies to:

Identity Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

 

Entities in OIM such as Entitlements, Roles, Accounts, etc. can be flagged as Auditable.

This flag is similar to the Certifiable flag, which makes entities certifiable; in this case, Auditable makes an entity available to the Identity Audit engine.

In the above screenshot, role TestRole has been made Auditable, which indicates that the Identity Audit engine should select it and use it during identity audit.

Let's see an example of the above case.

The following Identity Audit rule was created:

 

 

The policy associated to the above Identity Audit Rule is the following:

 

 

In the above policy, the flag Evaluate During Request was selected, which means that the identity audit will report a violation during a request.

We can see this if a user tries to request the TestRole role.

If the Auditable flag is unchecked in role TestRole, the expectation is that this role is not taken into account by the Identity Audit engine.

If a request for that role is submitted with the role not flagged as Auditable, the expected behavior does not happen and the role is still picked up by the Identity Audit engine.

Changes

 

Cause
