Oracle Identity Governance (OIG) 12c: Access Policy Harvesting (APH) does not harvest Reconciled Entitlements, only harvests Accounts. (Doc ID 2907818.1)

Last updated on JANUARY 04, 2023

Applies to:

Symptoms

On a Access Policy Harvesting (APH) properly enabled setup, we observe the following behaviour:
- Create an Access Policy (AP) <AP1> in Oracle Identity Manager (OIM) that provisions E-Business Suite (EBS) Account and an Entitlement <ENT1>.
- Create an user <User1> in OIM.
- Target Reconcile an EBS Account & Entitlement <ENT1> for <User1>.
     * confirmed that OIU_Prov_Mechanism and ENT_Prov_Mechanism are set to RECONCILIATION.
- Now, change an user attribute for <User1> in OIM so that <User1 is now member of the Access Policy <AP1>
- Run Evaluate User Policies scheduled job.

Observation:
- EBS account gets harvested correctly and OIU_Prov_Mechanism gets set to AP HARVESTED with correct value set in POL_KEY in OIU Table.
- ENT1 does not get harvested.  ENT_Prov_mechanism is still set to RECONCILIATION in ENT_ASSIGN table and POL_KEY still being empty in UD child table.

Expected Results:
- Both Account and Entitlements (matching AP1) must get harvested.

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.