Article Content
Article Number | 000037841 |
Applies To | RSA Product Set: RSA Identity Governance & Lifecycle RSA Version/Condition: 7.0.2, 7.1.0, 7.1.1 |
Issue | The RSA Identity Governance & Lifecyle Entitlement Requires Account feature is a feature that automatically creates an account when adding an entitlement related to the account and the account does not exist. For example, when adding a User to a Group, this feature will create the account for the user before adding the account to the group. The first time an entitlement is requested, the system will identify that an account does not exist and will automatically create the account. For subsequent entitlements there is no need to create the account. |
Cause | This issue can occur if, during the process of requesting access, an entitlement is selected from an application that has entitlements require accounts enabled and:
The existence of this pending account prevents future entitlement requests because the account is required and yet does not actually exist but looks like it exists due to its pending status. This is a known issue reported in engineering ticket ACM-89679. |
Resolution | This issue is resolved in the following RSA Identity Governance & Lifecycle patches:
To handle this issue, a new section in the RSA Identity Governance & Lifecycle user interface has been added called Pending Submissions under Requests > Requests, which will display the change requests which were left in the Pending Submission State. New change requests for access are prevented from being generated if requests already exist in the Pending Submission State for the account associated with the requested access. The Request Form will not allow the user to submit the request and instead will display the following warning message under Dependencies: The changes for the account ##### depends on the request XXXXX which was not successfully submitted. Please cancel the request before taking further actions by navigating to Pending Submissions tab. |
Notes | Please see RSA Knowledge Base Article 000038249 -- Check for Pending Account dependency is skipped in RSA Identity Governance & Lifecycle for related information on this issue. |