000037733 - Request forms for adding user access allow the selection of entitlements already granted indirectly in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jul 19, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037733
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition:, 7.1.1
IssueGlobal and Application Request Forms for adding user access allow the selection of entitlements already granted indirectly to the selected user in RSA Identity Governance & Lifecycle .

In the following example, user Rita Book belongs to group Engineering Management. As a member of Engineering Management, user Rita Book has inherited two indirect entitlements (Bugzilla Administrator and SCM Manager.) Because Rita Book already has these two entitlements, it is expected that any request to add additional access to this user will not include these two entitlements. However, when adding access to this user through either a Global or Application Request Form, these two entitlements are available for selection.

The Engineering Management Group Access tab shows the group has two direct entitlements:

User-added image

Rita Book's User Access tab shows she has these two entitlements as indirect entitlements via the Engineering Management group:
User-added image

When requesting additional access for Rita Book, these two entitlements incorrectly display on the Access Request Form for selection:
User-added image

User-added image
CauseThis is a known issue reported in engineering ticket ACM-96541.
ResolutionThis issue is resolved in the following RSA Identity Governance & Lifecycle patches:
  • RSA Identity Governance & Lifecycle 7.0.2 P14
  • RSA Identity Governance & Lifecycle 7.1.0 P07
  • RSA Identity Governance & Lifecycle 7.1.1 P02