
Oracle Identity Governance (OIG) 12.2.1.4.220413: When Removing Entitlements From a User Account, the ENT_ASSIGN Entry Is Not Removed and the ENT_LIST_HIST Is No Longer Updated (Doc ID 2880845.1)

Last updated on JULY 18, 2022

Applies to:

Identity Manager - Version 12.2.1.4.220413 to 12.2.1.4.220413 [Release 12c]
Information in this document applies to any platform.

Goal

In OIG 12.2.1.4.220413 (patch 34066601), when revoking an Entitlement from a provisioned user account:

Prior to OIG 12.2.1.4.220413, and also in 11.1.2.3 and 12.2.1.3, removing an Entitlement from a provisioned user account updated the ENT_ASSIGN_HIST table with the removed Entitlement for auditing, and the ENT_ASSIGN and child table entries were removed.

The change in behavior allows OIM to provision the child entry, which creates duplicate Entitlements.

This is caused by ER Bug 16305078. Normally, every child table has a DB trigger that moves the data from the UD child table to the ENT_ASSIGN table, and this trigger invokes the stored procedure OIM_SP_MANAGEENTITLEMENT. The ER changed the UD child table's trigger definition so that, for the DELETE operation, the 4th parameter is UD_<CHILD_TABLE>_KEY instead of NULL.

If the connector is freshly installed after applying the 12.2.1.4.220413 BP, the 4th parameter will have the right value (i.e., UD_<CHILD_TABLE>_KEY instead of NULL) and there is no issue.

The issue happens only for the resources/app-instances installed prior to 12.2.1.4.220413.
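An added example, not Oracle's code or part of the original note: a Python check that reads a child table trigger's source text, as exported from the OIM schema, and reports the 4th positional argument of each OIM_SP_MANAGEENTITLEMENT call, flagging NULL. The trigger bodies, the UD_EXCHILD table and every argument other than the 4th are constructed for illustration; the procedure's real signature is not given in this note.

```python
import re

PROC = "OIM_SP_MANAGEENTITLEMENT"  # procedure name from the note

# Constructed trigger bodies: table UD_EXCHILD and all arguments except the 4th are made up.
OLD_TRIGGER = """
CREATE OR REPLACE TRIGGER UD_EXCHILD_ENT_TRG AFTER DELETE ON UD_EXCHILD FOR EACH ROW
BEGIN
  -- constructed call, the real signature is not shown in the note
  OIM_SP_MANAGEENTITLEMENT(:OLD.UD_EXPARENT_KEY, NVL(:OLD.UD_EXCHILD_NAME, 'a,b'), 'DELETE', NULL);
END;
"""
NEW_TRIGGER = OLD_TRIGGER.replace("'DELETE', NULL)", "'DELETE', :OLD.UD_EXCHILD_KEY)")

def split_args(src, start):
    """Split the argument list opening at src[start] == '(' on top-level commas."""
    args, buf, depth, in_str = [], "", 0, False
    for ch in src[start:]:
        if ch == "'":
            in_str = not in_str          # '' inside a literal toggles twice
        elif not in_str and ch == "(":
            depth += 1
            if depth == 1:
                continue                 # skip the opening parenthesis itself
        elif not in_str and ch == ")":
            depth -= 1
            if depth == 0:
                return args + [buf.strip()]
        elif not in_str and ch == "," and depth == 1:
            args.append(buf.strip())
            buf = ""
            continue
        buf += ch
    raise ValueError("unterminated argument list")

def fourth_args(trigger_src):
    """Return the 4th positional argument of every PROC call (None if fewer than 4)."""
    # Naive comment stripping: does not handle comment markers inside string literals.
    src = re.sub(r"/\*.*?\*/|--[^\n]*", " ", trigger_src, flags=re.S)
    calls = [split_args(src, m.end() - 1) for m in re.finditer(PROC + r"\s*\(", src, flags=re.I)]
    return [a[3] if len(a) > 3 else None for a in calls]

def needs_review(trigger_src):
    """True when any call still passes NULL as the 4th argument (pre-patch definition)."""
    return any(a is not None and a.upper() == "NULL" for a in fourth_args(trigger_src))
```

A trigger flagged by `needs_review` matches the definition the note describes for resources and app instances installed before 12.2.1.4.220413.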

Solution
