Article Number | 000038726 |
Applies To | RSA Product Set: RSA Identity Governance & Lifecycle RSA Version/Condition: 7.0.x, 7.1.x, 7.2.x |
Issue | When the status of a Segregation of Duties (SoD) Rule or a User Access Rule is set to Inactive, no new violations are detected but the status of existing violations remains as follows:
- Open violations remain open after the rule has been inactivated.
- Exceptional access remains in effect and on the exceptional access expiration date, the violations become open violations and emails are sent to the remediators to take action.
This is intentional product behavior. The existing violations need to be handled whether or not the rule is active. |
Tasks |
|
Resolution | There are two options for removing open violations that are part of Inactive rules:
- Delete the rule
- Change the rule:
- Edit the SoD or User Access rule.
- Set the status to Active
- Change the Selected users filter to something that is always false (for example, go to Advanced and enter 1=0 in the Where Clause).
- Save the rule changes.
- Run the rule once. This should close all violations.
- Edit the rule again
- Set the status to Inactive
- Remove the false filter.
- Save the rule changes.
|