000037377 - Provisioning/Termination Rule does not create change requests to revoke entitlements if the rule also disables and deletes accounts in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Apr 23, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037377
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2, 7.1.0, 7.1.1
 
IssueWhen a Provisioning/Termination rule is configured with all three actions, (Disable accounts, Delete accounts, Revoke user entitlements), it will not create change requests to revoke the user entitlements.
 

Steps to reproduce



  1. Create a termination rule with below configurations.

User-added image


  1.  The below user has access to accounts, entitlements, groups, and roles. When this user is terminated, three requests (disable, delete, and revoke) should be created by the rule.

User-added image


  1. Terminate the user. Run the collections and unification.

User-added image

 

  1. The rule runs after unification. Note that only two requests are created. One to disable accounts and one to delete accounts. No request is created to revoke entitlements.

User-added image

 


User-added image



User-added image
 


User-added image


This issue occurs when a user has accounts. If the user does not have any accounts and only has user entitlements, than a CR to revoke entitlements is created as expected. 
CauseThis is a product defect reported in ACM-95904.
ResolutionThis issue is fixed in RSA Identity Governance & Lifecycle 7.0.2 P13, 7.1.0 P07 and 7.1.1 P01. Apply the appropriate patch to fix this issue.
 

Attachments

    Outcomes