000038726 - How to close Open Violations for inactive Segregation of Duties (SoD) and User Access Rules in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Apr 18, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038726
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.x, 7.1.x, 7.2.x
IssueWhen the status of a Segregation of Duties (SoD) Rule or a User Access Rule is set to Inactive, no new violations are detected but the status of existing violations remains as follows:
  • Open violations remain open after the rule has been inactivated.
  • Exceptional access remains in effect and on the exceptional access expiration date, the violations become open violations and emails are sent to the remediators to take action.
This is intentional product behavior. The existing violations need to be handled whether or not the rule is active.


ResolutionThere are two options for removing open violations that are part of Inactive rules:
  1. Delete the rule
  2. Change the rule:

  1. Edit the SoD or User Access rule.
  2. Set the status to Active
  3. Change the Selected users filter to something that is always false (for example, go to Advanced and enter 1=0 in the Where Clause).
  4. Save the rule changes.
  5. Run the rule once. This should close all violations.
  6. Edit the rule again
  7. Set the status to Inactive
  8. Remove the false filter.
  9. Save the rule changes.