000038159 - How a Multi-App Entitlement Collector (MAEDC) resolves entitlement relationships with accounts and groups collected by a Multi-App Account Collector (MAADC)

Document created by RSA Customer Support Employee on Nov 19, 2019Last modified by RSA Customer Support Employee on Nov 21, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000038159
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.x
 
IssueThis RSA Knowledge Base Article describes how a Multi-App Entitlement collector (MAEDC) resolves entitlement relationships with accounts and groups collected by a Multi-App Account collector (MAADC).
 
ResolutionWhen a Multi-App Entitlement collector (MAEDC) is resolving entitlement relationships against accounts or groups collected by a Multi-App Account collector (MAADC), the business source of the collected entitlement must match the business source of the account or group.

Currently the MAEDC does not collect enough information about the entitled object (account/group) to know specifically which business source it is from.  Consider the scenario where a MAEDC collects an entitlement for an Admin account.  If the MAADC collects multiple Admin accounts for various business sources (applications), without this restriction the entitlement would resolve to ALL the Admin accounts collected across all the applications. 

To handle the situation where an entitlement needs to be mapped to accounts and/or groups in multiple applications, create an Entitlement Data Collector (EDC) for the business source of the entitlement which can then use the standard resolution rules to have the entitlement applied to accounts and groups in multiple business sources.




 

Attachments

    Outcomes