Deployment Configurations 4-15 For user and role entities owner matching is performed. For account entities, when no record is found, an owner match is then performed to identify the owner of the account. For role membership events, matching is performed to identify role and user. For role hierarchy events, matching is performed to identity the parent and child role. At the end of the evaluation, the match table contains all the possible matches found within Oracle Identity Manager that meet the criteria for the event, and the state of the event is updated to one of the statuses listed in Table 4–3 : Note: While performing role hierarchy and role membership reconciliation, the matching criteria must contain both Namespace and Role Name in the matching criteria. The following is an example of a matching rule: UGP.ugp_rolename=x and UGP.ugp_namespace=y Here, x is the name of the horizontal table name column that is mapped to Role Name, and y is the name of the horizontal column that is mapped to Namespace. Table 4–3 Reconciliation Status Events Status Events Description Data Received Event data has been created in the database and is ready for further processing. Event Received A reconciliation event has been created and is ready for further processing. The finishReconciliationEvent API has not yet been called. Data Validation Failed The reconciliation event record is invalid. For example, a role event with an invalid role category will fail to validate. This situation could indicate a race condition. The RE_NOTE field should contain the details of the failure, which is also displayed in the user interface. Data Validation Succeeded The event data was successfully validated and the event can now safely be processed by the Engine. Multiple Accounts Match Found Given the current matching rules, multiple matching account records were found for the data. No Account Match Found Given the current matching rules, no matching account records were found for the data. Single Account Match Found Given the current matching rules, one matching account record was found for the data. Multiple Org Matches Found Given the current matching rules, multiple matching organization records were found for the data. No Org Match Found Given the current matching rules, no matching organization records were found for the data. Single Org Match Found Given the current matching rules, one matching organization record was found for the data. Multiple Role Grants Match Found Multiple matching records for user membership within a role were found. No Role Grant Match Found No matching records for user membership within a role were found. 4-16 Oracle Fusion Middleware Users Guide for Oracle Identity Manager

4.2.2.7.2 Action Module This module applies the action based on the event state, entity

type, and the action rules, as listed in Table 4–4 : Single Role Grant Match Found One matching record for user membership within a role was found. Multiple Roles Match Found Given the current matching rules, multiple matching role records were found for the data. No Role Match Found Given the current matching rules, no matching role records were found for the data. Single Role Match Found Given the current matching rules, one matching role record was found for the data. No Role Members Found The Reconciliation Engine did not find role members matching the data, given the current matching rules. No Role Parent Found The Reconciliation Engine did not find a role matching the data, given the current matching rules. Multiple Role Relationships Match Found Given the current matching rules, reconciliation has found multiple role-to-role relationships that match data in the event. No Role Relationship Match Found Given the current matching rules, reconciliation did not find any role-to-role relationships that match data in the event. Single Role Relationship Match Found Given the current matching rules, reconciliation has found one role-to-role relationship that matches data in the event. Multiple Users Match Found Given the current matching rules, multiple matching user records were found for the data. No User Match Found Given the current matching rules, no matching user records were found for the data. Single User Match Found Given the current matching rules, one matching user record was found for the data. Invalid Event Data Passed The event contains invalid data. This status pertains to the e-mail attribute. Being Re-evaluated The reconciliation event is being reevaluated from the reconciliation management console. Being Re-tried The reconciliation event is being retried automatically. This status event has been deprecated. Creation Failed The useraccountrole entity was not created successfully. Creation Succeeded The useraccountrole entity was created successfully. Delete Failed The useraccountrole entity was not successfully deleted. Delete Succeeded The useraccountrole entity was deleted successfully. Event Closed The reconciliation event was closed from the reconciliation management console. The change is complete. Update Failed The useraccountrole entity was not updated successfully. Update Succeeded The useraccountrole entity was updated successfully. Table 4–3 Cont. Reconciliation Status Events Status Events Description Deployment Configurations 4-17 Table 4–4 Action Rules Event State Entity Type Action Description No User Match Found User No Action Does not perform any action Create User Creates a user in Oracle Identity Manager No Account Match Found Account No Action Does not perform any action User Matched User or Account No Action Does not perform any action User Establish Link Modifies or deletes the matched user based on the change type Account Establish Link Owner identified - creates an account Users Matched User or Account No Action Does not perform any action Account Matched Account No Action Does not perform an action Establish Link Modifies or revokes the account based on the change type Accounts Matched No Action Does not perform any action No Role Match Found Role No Action Does not perform any action Single Role Match Found Role No Action Does not perform an action Establish Link Modify or delete a role Role Membership Create role membership Grant a role member to Oracle Identity Manager Delete role membership Delete a role member from Oracle Identity Manager No action Does not perform an action Role Hierarchy Create role hierarchy Creates a role hierarchy in Oracle Identity Manager Delete role hierarchy Delete a role hierarchy in Oracle Identity Manager No action Does not perform an action Multiple Roles Matched Role, Role membership and Role Hierarchy No action Does not perform an action No Role Grant Match Found Role Membership No Action Does not perform an action Create Role Member Creates a role member in Oracle Identity Manager Single Role Grant Match Found Role Membership No action Does not perform an action Establish Link Delete role member