Saving Application on Access Policy Sets 0 Value for Untouched Boolean Fields In The Target When Evaluate Users Job is Run
(Doc ID 2691704.1)
Last updated on JULY 20, 2020
Applies to:Identity Manager - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
An Access Policy has an Application with Boolean fields
The only field in the above application that has a value is the field Organization Name.
The POF table which contains the data to be pushed/provisioned to the target on evaluating the access policy has only the field Organization Name with a value.
It is important to note here, that unlike in previous releases of OIM, boolean fields with no value are not stored in the POF table with a field and NULL value.
If the application in the access policy gets modified like for example adding any value to one of its fields and then saved as in the below example with the Mobile field
The POF table will not only get updated with the new field we modified (Mobile) but every boolean will be added with a value of 0 (false)
With these booleans added to 0 in the POF table, the next time the Evaluate User Policies schedule job is run those values will be push as 0 (false) to the target.
The application used for this example is for Active Directory .
Taking as example a user in Active Directory for which an Administrator has set natively values for User must change password at next logon and Password never expires to true (1) as seen below
the issue reported here will have the effect that on running the Evaluate Access Policy the previously values set to true by the Admin will be wiped out and modified by 0 as seen below.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document