|Applies To||RSA Product Set: Identity Governance & Lifecycle; RSA Version/Condition: 7.0.2, 7.1.0, 7.1.1|
|Issue||A change request to remove role access from a user tries to remove an AD group entitlement (indirect access from a role) that no longer exists as user access. This causes errors in the change request, and the change request cannot be completed. User accounts that belong to AD groups are later given access to the same AD groups via a role. A termination rule with the action to disable and delete the accounts is triggered when the user is terminated.|
|Cause||When a user is given group access via an account, is later given the same group access via a role, and the account is then deleted from the user, the group is also deleted. When the role is explicitly removed from the user, the deleted group is listed as a change request item under the user changes, and the change request attempts to remove the group access again.|
This issue is fixed in 7.0.2 P14, 7.1.0 P07, and 7.1.1 P01.