EGRC 8.6.5.4045: "GL:Data Access Set" Global Condition not Working. (Doc ID 2001937.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Application Access Controls Governor - Version 8.6.5 to 8.6.5 [Release 8]
Information in this document applies to any platform.

Symptoms

On Application Access Controls Governor, version 8.6.5.4045:

In Oracle Application Access Controls Governor (AACG), models and controls define conflicts among duties that can be assigned in a company’s applications, and identify users who have access to those conflicting duties.
AACG can also implement “preventive analysis” — it can evaluate controls as duties are assigned to users of the company’s applications, preventing them from gaining risky access.

ACTUAL BEHAVIOR
------------------------------
When the GL:Data Access Set Global Condition is used, Control Analysis produces false negatives and User Provisioning requests are auto-approved.

EXPECTED BEHAVIOR
-----------------------
Using the GL:Data Access Set Global Condition should not cause false negatives in Control Analysis or auto-approval of User Provisioning requests.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Create a Control with R1 and R2 logic.
2. Create a Global Condition with the logic GL:Data Access Set Equals Yes and the Exclude box unchecked.
3. In EBS, make sure R1 and R2 have the same value set at the responsibility level for the GL:Data Access Set security profile.
Scenario 1:
a. Create a user and assign R1 and R2, request End date removal.
b. In GRC, wait for the UP job to finish.
c. Check the request status under Administer Access Approval; it shows approved for both R1 and R2.
Expected result: Request status for both R1 and R2 should be pending.
Scenario 2:
a. In EBS, identify a user with R1 and R2.
b. Run Access ETL.
c. Run the Control created in step 1.
d. Check the result; it does not show the user identified in step a.
Expected result: Should have shown two incidents for R1 and R2.

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users cannot use user provisioning effectively.

Cause
