Saving Application on Access Policy Sets 0 Value for Untouched Boolean Fields In The Target When Evaluate Users Job is Run (Doc ID 2691704.1)

Last updated on JANUARY 20, 2022

Applies to:

Symptoms

An Access Policy has an Application with Boolean fields

The only field in the above application that has a value is the field Organization Name.

The POF table which contains the data to be pushed/provisioned to the target on evaluating the access policy has only the field Organization Name with a value.

It is important to note here, that unlike in previous releases of OIM, boolean fields with no value are not stored in the POF table with a field and NULL value.

If the application in the access policy gets modified like for example adding any value to one of its fields and then saved as in the below example with the Mobile field

The POF table will not only get updated with the new field we modified (Mobile) but every boolean will be added with a value of 0 (false)

With these booleans added to 0 in the POF table, the next time the Evaluate User Policies schedule job is run those values will be push as 0 (false) to the target.

The application used for this example is for Active Directory .

Taking as example a user in Active Directory for which an Administrator has set natively values for User must change password at next logon and Password never expires to true (1) as seen below

the issue reported here will have the effect that on running the Evaluate Access Policy the previously values set to true by the Admin will be wiped out and modified by 0  as seen below.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.