During the cleanup phase of database maintenance, Identity Governance removes the following types of data from the operations database (types are listed alphabetically).
NOTE:The conditions listed for each type of data to be purged can change if scenarios come up where it is determined that the conditions need to be amended.
Can be purged only when the request is completed, which includes one of the following states:
Request was denied approval
Request was declined fulfillment
Request was fulfilled and verified
Request was fulfilled and verification failed
Can be purged only when retention time is specified and facts are older than the specified retention time.
Can be purged if:
Has been deleted or it is an old version of a business role
Is not referenced from any review definitions or review items
Is not referenced from any change request items
Can be purged if it has been deleted.
Can be purged if the category has been deleted.
Can be purged if policy has been deleted.
Can be purged if:
Is not currently running, that is it must be in a canceled, failed, completed, or terminated state
Its data is not part of any snapshot (snapshots containing a collection’s data must be purged first)
Can be purged if has been deleted.
Can be purged if:
Is not scheduled for collection
Is not currently being collected or published
Has been deleted
Is not part of a snapshot (snapshots containing data from data source must be purged first)
Additionally, when data source is an application it can be purged if the application:
Is not a parent to another application
Is not referenced by a business role
Has no permissions referenced by a technical role
Has no permissions referenced by a business role
Has no permissions referenced by a Separation of Duty policy
Can be purged if:
Policy has been deleted
There are no requests associated with the policy (requests associated with the policy must be purged first)
Can be purged if:
Policy has been deleted
There are no requests associated with the policy (requests associated with the policy must be purged first)
Can be purged if:
Has been deleted
Is not referenced by a review instance (review instances must be purged first)
Is not referenced by a certification policy (certification policies must be purged first)
Is not referenced by a remediation from a certification or data policy
Can be purged if:
Is not running, that is has been canceled, experienced an error, or has completed certification
Is not referenced by a change request item action that is still pending, that is its not in a final verified or error state
NOTE:Materialized views, if any, are also purged when review instances are purged.
Can be purged if:
Is in the error, canceled, or completed state
If in completed state, there must be another completed risk score status of the same entity type that has a later start time
Can be purged if:
Case is closed
There are no change request items that were made to resolve the case or, if there are change request items associated with the case, they are all in a final verified or error state and not still pending fulfillment
Can be purged if:
Has been deleted
Is not referenced in a Separation of Duties case (Separation of Duties cases should be purged first)
There are no access requests that had potential SoD violations for the policy (such access requests must be purged first)
Can be purged if:
Is not the current snapshot of the Identity Governance catalog
Is not a precursor to another snapshot
Is not referenced by a review instance
There are no Separation of Duties violations for users or accounts in the snapshot
There are no technical roles that reference permissions in the snapshot
Can be purged if:
Has been deleted from the Identity Governance catalog
Is not referenced by a review instance
Is not referenced by a Separation of Duties policy
Is not referenced by a Review Definition
Is not referenced by a business role
Can be purged when fact tables are available in schema even after custom facts are unregistered from fact catalog.