Oracle Identity Governance (OIG) 12.2.1.4 Accounts in "Provisioning" Status Where the Related Role/Access Policy (AP) is Revoked Causes AP Evaluation to Not Provision New Accounts
(Doc ID 2864225.1)
Last updated on FEBRUARY 05, 2024
Applies to:
Identity Manager - Version 12.2.1.4.210428 and laterInformation in this document applies to any platform.
Symptoms
In this scenario, there is an account in "Provisioning" status what has been provisioned by a role and associated Access Policy. A new role/Access Policy is added which should provision a new account for this user. When the "Evaluate User Policies" scheduled job is run, the new account that should be provisioned will not be provisioned. Instead, the logs will show that a rollback is generated. At the bottom of the stack, it shows an attempt to revoke/disable the original account in "Provisioning" status.
From the logs:
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |