000039218 - When 'Generate Indirect Entitlements' is disabled for Roles, Technical and Global Role Entitlements are still granted to Role Members in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Aug 11, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039218
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.2.0 P02
IssueRoles in RSA Identity Governance & Lifecycle may be configured so that role entitlements are not automatically given to members of the role. This is done by disabling the Generate Indirect Entitlements option under REQUEST SETTINGS in the request workflow used for Roles (Requests > Workflows > Request tab > {Workflow name}). When a technical or global role is added as an entitlement to a role and the role changes committed (Apply Changes), access to the technical or global role is still granted to the role member regardless of the Generate Indirect Entitlements setting. This is not true for other entitlement types.
CauseThis is a known issue reported in engineering ticket ACM-105105.
ResolutionThis issue is being investigated by the Engineering team in order to provide a permanent resolution in a future release.