Indirect Assignments of System Entitlements to Business Roles by System Roles


I observe a strange behaviour on indirect assignments of System Entitlements to Business Roles (OrgHasUNSGroupB) in One Identity Manager 8.1.2 compared to the old system as 6.1.4


1. Create a System Role (ESet)

2. Create and Assign a System Entitlement to this System Role (ESetHasEntitlement -> UNSGroupB)

3. Create and Assign a Busines Role to the System Role (OrgHasESet)

In both versions the Role Class (OrgRoot) does not allow an assignment of System Entitlements, neither direct nor indirect.

My Observation:

In 6.1.4 the System Entitlement was assigned to the Business Role which was assigned to the System Role with the System Entitlement Assignment (OrgHasUNSGroupBTotal Entry with viInherite = 2 indirect)

In 8.1.2 there is no System Entitlement assignment to the Business Role at all. I had expected an OrgHasUNSGroupB Entry with XOrigin = Indirect assignment

Does the system behaviour has changed in 8.1.2 compared to 6.1.4 or did I missed something, maybe a config parameter I didn't noticed?

The configuration looks good to me (also in comparison to to the old 6.1.4 system).

Any helpful answers are welcome. Many Thanks.