|Applies To||RSA Product Set: Identity Governance & Lifecycle|
RSA Version/Condition: 7.0.2, 7.1.0, 7.1.1
You have a fine-grained role review which allows role reviewers the ability to remove members and entitlements from roles. It also allows role reviewers the ability to delete roles and all their associated members and entitlements. While modifying role content is okay, you do not want reviewers requesting that roles be deleted.
[Test1] have been deleted. Please cancel the change request.
Further, because this action was not allowed, the change request could not be completed.
Note the fulfillment workflow shown below. The workflow has a decision node to verify if the reviewer is deleting the entire role. If so, then it is passed to the Cancel Change Request node with Event Type of Cancel entire request and revert completed changes.
|Cause||This problem is occurring because the Cancel Change Request node is in the Fulfillment workflow.|
|Resolution||Redesign the request workflow so that the canceling of the request is made earlier in the workflow cycle,; that is, before the role is deleted. In the current configuration, the role is being deleted and recreated. By moving the cancellation to earlier in the workflow, both are avoided. In this case the decision node and 'Cancel Change Request node were both moved to the approval workflow.|