000039265 - Web Services updateReviewItems cannot update multiple accounts belonging to the same business source having the same entitlement in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Aug 28, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039265
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.1.1, 7.2.0
IssueWhen a user has the same entitlement assigned through two or more accounts in the same business source, maintain/revoke of the entitlement via the Web Services updateReviewItems option will only update one account. This option is available in the user interface under Admin > Web Services > Review tab > updateReviewItems.

For example, in the Review Results below, Cherry Blossom has the File System Accounts business source entitlement Misc via two accounts: Intern1 and Conferences.
User-added image

The following Web Services call to Maintain entitlement Misc only maintains the entitlement for one account. In this case Conferences.

?xml version="1.0"?>

<ReviewItemChange state="maintain" comments="Item maintained through Web Services">
<Group name = "Misc" business-source="File System Accounts"/>
<Entitlement resource="AFX Connector" action="Admin" business-source="Aveksa"/>


Note the entitlement has been maintained for only one account (Conferences):
User-added image

Running the command a second time in an attempt to update the second account, Intern1, results in the following error and the second account is not updated.

Status-Failure. None of the 2 review components could be updated.
Status For Review Item(pcyr-AFX Connector)=Failure
(Specified review component does not exist. Specified review component does not exist.)
Status For Review (pcyr-Misc)=Failure
(The review component is already in the same state as being updated. )

CauseThis is a known issue reported in engineering ticket ACM-101501.
ResolutionThis issue is resolved in the following RSA Identity Governance & Lifecycle patch levels: 
  • RSA Identity Governance & Lifecycle 7.1.1 P07
  • RSA Identity Governance & Lifecycle 7.2.0 P01
The fix is to add a tag to the updateReviewItems Web Service call for Account name:

<RevieweeAccount name = "value" business-source="value"/>