Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000036896 - Access User Access Review not showing indirect entitlements associated with a role for RSA Identity Governance & Lifecycle 7.x

Document created by RSA Customer Support

on Dec 11, 2018•Last modified by RSA Customer Support

on Dec 11, 2018

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000036896
Applies To	RSA Product Set: Identity Governance & Lifecycle RSA Version/Condition: 7.0.2, 7.1.0
Issue	RSA Identity Governance & Lifecycle Access User Access Review is not showing indirect entitlements associated with a role when filtering the contents by business source. Only a portion of the user entitlements associated with a particular business source or application are shown even though the user is known to have other entitlements.
Cause	This is by design. The Contents tab of the User Access Review can be used to filter entitlements by business source. Select the Contents tab and check the Filter business sources checkbox and then select the business sources using various criteria. When filtering entitlements by business source and selecting an application name as the business source the review will only display direct entitlements. Indirect entitlements associated with a role will not be shown even if those entitlements are part of the application. This is because a role is a business source and entitlements associated with a role belong to the business source associated with the role set to which that that role belongs.
Resolution	The User Access Review can include roles and the role can display role entitlements. You can include these roles on the User Access Review by ensuring that the include roles checkbox is enabled and by adding the application role set that is associated with the roles is included as a business source for the review. For example, to include role based entitlements for the Aveksa application in addition to direct entitlements add the role set that contains the role as a business source. This will allow the User Access Review to include roles on the review.
Notes	Note that this may not be a practical solution depending on the business requirements for the review. The roles themselves will be reviewed not the indirect entitlements associated with the role. The role set may cover more than one business source or application. These are limitations of mixing Role based and direct entitlements. Customers intending on leveraging the role based access model should consider this when designing reviews.

Attachments

Outcomes

0 Comments

Recommended Content