|Applies To||RSA Product Set: Identity Governance & Lifecycle|
RSA Version/Condition: 7.x
|Issue||This RSA Knowledge Base Article describes how a Multi-App Entitlement collector (MAEDC) resolves entitlement relationships with accounts and groups collected by a Multi-App Account collector (MAADC).|
|Resolution||When a Multi-App Entitlement collector (MAEDC) is resolving entitlement relationships against accounts or groups collected by a Multi-App Account collector (MAADC), the business source of the collected entitlement must match the business source of the account or group.|
Currently the MAEDC does not collect enough information about the entitled object (account/group) to know specifically which business source it is from. Consider the scenario where a MAEDC collects an entitlement for an Admin account. If the MAADC collects multiple Admin accounts for various business sources (applications), without this restriction the entitlement would resolve to ALL the Admin accounts collected across all the applications.
To handle the situation where an entitlement needs to be mapped to accounts and/or groups in multiple applications, create an Entitlement Data Collector (EDC) for the business source of the entitlement which can then use the standard resolution rules to have the entitlement applied to accounts and groups in multiple business sources.