Certification With "include Entitlements Provisioned By Access Policy" Option Not Working
(Doc ID 2705035.1)
Last updated on SEPTEMBER 02, 2020
Applies to:Identity Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
The certification definition has "include entitlements provisioned by access policy" not checked and this should ignore all the entitlements provisioned via access policy but it only ignore entitlements where Ent_assign_prov_mechanism="ACCESS POLICY" and not AP HARVESTED and ACCESS POLICY VIA REQUEST.
Steps to create the issue:
System properties setting requirement:
Account Discriminator set to true in Parent form in design console.
1. Create any test user and assign him role TestRole1 (this role is tied to the access policy 1 to provision OUD account with no entitlement) and run Evaluate User Policies job. The testing user should have an OUD provisioned
2. Have him login identity console and request two entitlements TestRole1005 and TestRole1006 and complete the request so that entitlements TestRole1005 and TestRole1006 were provisioned
3. Assign this user role TestRole2 (this role is tied to access policy 2 configured with 2 OUD entitlements TestRole1005 and TestRole1006) and run the Evaluate User Policies job. Now ENT_ASSIGN_PROV_MECHANISM column has new records with ACCESS POLICY VIA REQUEST entitlements.
4. Create the certification task as Entitlement type of certification, and uncheck the Include Entitlements Provisioned By Access Policy option
5. Run the job, and it includes the entitlements with 'ACCESS POLICY VIA REQUEST'
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document