2 Replies Latest reply: Nov 7, 2012 12:18 PM by 763677 RSS

    [OIM 9.1.0.2] RESOURCE NOT REVOKED BY ACCESS POLICY WHEN USER DISABLED

    763677
      Hi Experts,
      OIM Build Number: 1866.62 ( BP15 )

      IHAC that faced an unexpected behavior on User disabling.

      Some users were associated to groups that had access policies applied.
      When those users were disabled, they didnt lose their associated groups and also the resource and permission associated thru access policy applied to those groups.

      I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.

      Customer problem: For those users, almost 1000, I did a recon just to estimule the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.

      I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies schedule task work for that scenario? Should the resource after running that task be revoked?

      Any help would be very appreciated.