During the cleanup phase of database maintenance, Identity Governance removes some entity types from the operations database, and so, Identity Governance selects these data types by default. However, there are a few entity types which are not cleaned up by default and requires manual selection.
To view the list of entity types which are eligible for cleanup, click show. Select from the following entity types the purgeable data for cleanup:
Collection and publication
Can be purged when the account upload data production is complete and the container that contains the entities created during the upload is not a part of the current snapshot.
There are three types of data production that can be purged:
Collection
Can be purged if:
Collection is not running
Version column is not previous or current
Publish change production does not reference the collection (publish changes production including child production associated with the collection must be purged first)
Entity container does not have entities that reference the collection or any of its child data collection
Publish all
Can be purged if the publish all production is not running for an application and the entity container does not have entities that reference the production. However, snapshots containing the publication must be purged first.
Publish changes
Can be purged if:
The publish changes production is not running for an application
The entity container does not have entities that reference the production
The publish changes production is not the latest that is run for the application. The latest production is retained.
Can be purged if:
It is not currently running, and is in a canceled, failed, completed, or terminated state
Its data is not part of any snapshot (snapshots containing data from a collection must be purged first)
Can clean up data production records that are not cleaned up by any other cleanup type.
Can be purged if it:
Is not scheduled for collection
Is not currently being collected or published
Was deleted
Is not part of a snapshot (snapshots containing data from data source must be purged first)
Additionally, when the data source is an application, it can be purged if the application:
Is not a parent of another application
Is not referenced by a business role
Has no permissions referenced by a technical role
Has no permissions referenced by a business role
Has no permissions referenced by a separation of duty (SoD) policy
Can be purged when the permission upload data production is complete and the container that contains the entities created during the upload is not part of the current snapshot.
Can be purged when the data production for the RTC batch (or RTC ingestion) is complete, failed with an error, or was canceled. Real time collection cannot be in progress.
Can be purged if it:
Is not the current snapshot of the Identity Governance catalog
Is not a precursor to another snapshot
Is not referenced by a review instance
No Separation of Duties violations exist for users or accounts in the snapshot
No technical roles exist that reference permissions in the snapshot
Can be purged if:
The entity container is not associated with any snapshot, snapshots that reference the entity container must be purged first
The entity container is not a result of one of the following data producer types:
Curator
Autocurator
Mortician
Historian
The entity container is not the latest version for the data producer whose type is collector
Entity records from these data producer types is not associated with any snapshot, but should not be deleted.
Can be purged if the user upload data production is complete and the container that contains the entities created during the upload is not part of the current snapshot.
Data production
Can be purged if it:
Is in its final state and has been completed, canceled, failed, or terminated
Is not the last calculation or the last completed calculation production for the certification policy it is associated with
Can be purged if:
It is in its final state and has been completed, canceled, failed, or terminated
It is not the last data collection or the last completed data collection for the data collector it is associated with
The data collected by the data collection (such as users, permissions, accounts) have all been purged first by snapshots and snapshot versions
The data source collection data production it is associated with is in its final state and has been completed, canceled, failed, or terminated
Can be purged if it:
Is in its final state and has been completed, canceled, failed, or terminated
Is not the last calculation or the last completed calculation production for the data policy it is associated with
Can be purged if:
It is in its final state and has been completed, canceled, failed, or terminated
It is not referenced by any data collection productions (data collection productions that reference the data source collection must be purged first)
It is for an application data source or an application definition data source, its version is deletable and it is not referenced from a process change event production
It is not the last data source collection or the last completed data source collection for the data source it is associated with
Can be purged if it is in its final state and has been completed, canceled, failed, or terminated and there are no data test collection productions associated with it. Any associated data test collection productions must be purged first.
Can be purged if the test collection production and its associated data source is in its final state and has been completed, canceled, failed, or terminated.
Can be purged if:
It is in its final state and has been completed, canceled, failed, or terminated
It is not the last identity publication or the last successful identity publication
The data published by the identity publication (such as users and groups) has all been purged first by snapshots and snapshot versions.
Can be purged if:
It is in its final state and has been completed, canceled, failed, or terminated
It is not the last job end or the last completed job end production for the schedule it is associated with or it is not associated with a schedule
It is not a prerequisite to any data productions or any data productions to it (other than the job start productions). All prerequisites productions (other than job start production) must be purged first. All productions it is a prerequisite to must be purged first
Can be purged if:
It is in its final state and has been completed, canceled, failed, or terminated
It is not referenced by any job end production (associated job end productions must be purged first)
It is not a prerequisite to any data productions. All productions it is a prerequisite to must be purged first
Can be purged if:
It is in its final state and has been completed, canceled, failed, or terminated
It is not the last policy detection or the last completed policy detection production for the policy it is associated with
Can be purged if:
It is in its final state and has been completed, canceled, failed, or terminated
It is not the last provisioning production or the last completed provisioning production for the application it is associated with
There are no associated change request items that are not in their final state
Can be purged if it is in its final state and has been completed, canceled, failed, or terminated and the associated review instance is not in a starting or start preview state.
Can be purged if:
It is in its final state and has been completed, canceled, failed, or terminated
It is not the last risk score production or the last completed risk score production for the risk score configuration it is associated with
Can be purged if:
It is in its final state and has been completed, canceled, failed, or terminated
It is not the last provisioning production or the last completed provisioning production for the application it is associated with or it is not associated with an application
History
Can be purged when the account record is marked as history and resides in the special history container.
Can be purged at any time.
Can be purged anytime. The merged histories are purged based on the Merge Event Time.
Can be purged when the permission record is marked as history and resides in the special history container.
Can be purged when the user record is marked as history and resides in the special history container.
Miscellaneous
Can be purged only when retention time is specified and facts are older than the specified retention time.
Can be purged when the associated change request item is in a final fulfillment state. Final fulfillment states include:
Request refusal
Error fulfilling the request
Request verified
Request not verified and verification ignored
Verification timed out
Can be purged if it was deleted.
Can be purged if the category was deleted.
Cleans up custom forms.
Can be purged at any time.
Can be purged when fact tables are available in the schema, even after custom facts are unregistered from fact catalog.
NOTE:The purge conditions for each data type might change if a new scenario occurs that determines that the conditions have changed.
Policy
Access request and approval policy
Can be purged only when the request is complete, which includes one of the following states:
Request was denied approval
Request was declined fulfillment
Request was fulfilled and verified
Request was fulfilled and verification failed
Can be purged when there are no access requests that reference the approval policy and the policy is deleted.
Can be purged when there are no access requests that reference the policy and the policy is deleted.
Auto resolution policy
Can be purged if it is not currently running, and is in a canceled, failed, or completed state.
Can be purged when there are no auto resolutions that reference the policy and the policy is deleted.
Business role policy
Can be purged if it:
Has been deleted or it is an old version of a business role
Is not referenced from any review definitions or review items
Is not referenced from any change request items
Can be purged when they are deleted. Business role authorizations are marked deleted when a business role detection removes them.
Can be purged if the business role detection is not currently running, because detection either completed successfully, failed, or was canceled.
Can be purged when they are deleted. Business role memberships are marked deleted when a business role detection removes them.
Can be purged if the detection has been marked as deleted.
Certification policy
Can be purged if policy was deleted.
Can be purged if the violation was resolved.
Data policy and control
Can be purged if it was deleted.
Can be purged if the violation was resolved.
Can be purged if it is old, based on the timestamp. A remediation run will not be deleted if it is the only run for a policy remediation.
Can be purged if it:
Is in the error, canceled, or completed state
Is in completed state, and there is another completed risk score status of the same entity type with a later start time
Separation of duty policy
Can be purged if the policy record was deleted.
Can be purged if:
The case is closed
No change request items were made to resolve the case or, if there are change request items associated with the case, they are all in a final verified or error state and not still pending fulfillment
Can be purged if it:
Was deleted
Is not referenced in an SoD case (SoD cases should be purged first)
No access requests with potential SoD violations for the policy exist (Such access requests must be purged first)
A separation of duties (SoD) detection is information associated with an SoD case that keeps track of the detection history for the SoD case. These detections are also purged if an SoD case itself is purged.
The SoD detection purge allows the detection history to be purged without having to purge the SoD case. SoD detection can be purged only if it is not the most recent detection for the SoD case.
Can be purged if it:
Was deleted from the Identity Governance catalog
Is not referenced by a review instance
Is not referenced by an SoD policy
Is not referenced by a Review Definition
Is not referenced by a business role
Can be purged if the technical role assignment was deleted (unassigned).
Review
Can be purged if it:
Was deleted
Is not referenced by a review instance (review instances must be purged first)
Is not referenced by a certification policy (certification policies must be purged first)
Is not referenced by a remediation from a certification or data policy
Can be purged if it:
Is not running, and was canceled, experienced an error, or completed certification
Is not referenced by a pending change request item action (is not in a final verified or error state)
NOTE:Materialized views, if any, are purged when review instances are purged.
Can be purged if:
The policy was deleted
No requests associated with the policy exist (requests associated with the policy must be purged first)
Can be purged if:
The policy was deleted
No requests associated with the policy exist (requests associated with the policy must be purged first)