My Oracle Support Banner

Oracle Identity Governance (OIG) When Removing Entitlements From a User Account, the ENT_ASSIGN Entry Is Not Removed and the ENT_LIST_HIST is No Longer Updated (Doc ID 2880845.1)

Last updated on JULY 18, 2022

Applies to:

Identity Manager - Version to [Release 12c]
Information in this document applies to any platform.


In OIG (patch 34066601), when revoking an Entitlement from a provisioned user account:

Prior to OIG12. and also in and in, when removing an Entitlement from a provisioned user account, the ENT_ASSIGN_HIST table was updated with the removed Entitlement for auditing and the ENT_ASSIGN and child table entry was removed.

The change in behavior results in OIM being allowed to provision the child entry which creates duplicate Entitlements.

This is caused by an ER Bug 16305078. Normally, every child table will have a DB trigger which moves the data from UD child table to ENT_ASSIGN table and this trigger invokes the stored procedure OIM_SP_MANAGEENTITLEMENT. This ER has changed the UD child table's trigger definition where the 4th parameter is changed from NULL to UD_<CHILD_TABLE>_KEY for DELETE operation.

If the connector is installed freshly after applying the BP, the 4th parameter will have the right value (i.e UD_<CHILD_TABLE>_KEY instead of NULL) and there is no issue.

The issue happens only for the resources/app-instances installed prior to


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.