Oracle Identity Governance (OIG) 12c: Access Policy Harvesting (APH) does not harvest Reconciled Entitlements, only harvests Accounts.
(Doc ID 2907818.1)
Last updated on JANUARY 04, 2023
Applies to:Identity Manager - Version 188.8.131.52.220413 and later
Information in this document applies to any platform.
On a Access Policy Harvesting (APH) properly enabled setup, we observe the following behaviour:
- Create an Access Policy (AP) <AP1> in Oracle Identity Manager (OIM) that provisions E-Business Suite (EBS) Account and an Entitlement <ENT1>.
- Create an user <User1> in OIM.
- Target Reconcile an EBS Account & Entitlement <ENT1> for <User1>.
* confirmed that OIU_Prov_Mechanism and ENT_Prov_Mechanism are set to RECONCILIATION.
- Now, change an user attribute for <User1> in OIM so that <User1 is now member of the Access Policy <AP1>
- Run Evaluate User Policies scheduled job.
- EBS account gets harvested correctly and OIU_Prov_Mechanism gets set to AP HARVESTED with correct value set in POL_KEY in OIU Table.
- ENT1 does not get harvested. ENT_Prov_mechanism is still set to RECONCILIATION in ENT_ASSIGN table and POL_KEY still being empty in UD child table.
- Both Account and Entitlements (matching AP1) must get harvested.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document