000037690 - How users are selected for reviews that are triggered by rules in RSA Identity Governance & Lifecycle 

Document created by RSA Customer Support Employee on Jul 24, 2019Last modified by RSA Customer Support Employee on Jul 25, 2019
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000037690
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: All
IssueReview runs triggered by rules do not use the review definition user selection criteria in RSA Identity Governance & Lifecycle. Instead, users are taken directly from the rule run and those users replace the user condition on the review definition for that run.

For example, note the below review definition user selection criteria. (In the RSA Identity Governance & Lifecycle user interface go to Reviews > Definitions > [name of review] > Edit Definition > User Selection tab.)
Review name = Transfer Review

Review Definition - User Selection

Also note the below Attribute Change Rule definition (Rules > Definitions > [name of rule])
User-added image

In this case, when the Transfer Review is run directly, users that have been transferred will not appear in the review results (users."Is Transferred" is null). However, when the Attribute Change Rule is run, users who are transferred show on the Transfer Review (users."Is Transferred" ='Yes') based on the Action defined for that rule which is to run the Transfer Review if a user has been transferred.

Note: Only reviews where the flag Available for Rule Actions under the General tab is checked may be triggered by Rules.

ResolutionThis is expected behavior. The user selection criteria under the Review Definition is only applicable when the review is run directly and will not be used in rule actions.

There is an update in RSA Identity Governance & Lifecycle 7.1.1 P03 which clarifies this behavior.