|Applies To||RSA Product Set: RSA Identity Governance & Lifecycle|
RSA Version/Condition: 7.1.1, 7..2.0
|Issue||If a user has a Role as a direct entitlement and later becomes a member of another Role (Parent) that has the same Role (Child) as an entitlement, their access to the Child Role is not getting revoked if the Child Role is removed from the Parent Role. |
For example, if a user has direct access to a Technical Role and is later granted membership to a Business Role that has the Technical Role as an entitlement, their access to the Technical Role is now explained via their membership to the Business Role. If the Technical Role entitlement is removed from the Business Role, the user should lose access to the Technical Role unless they belong to one or more other Business Roles that have that same Technical Role as an entitlement. Once they do not belong to any Business Role that explains their right to be a member of the Technical Role, they are no longer entitled to be a member of the Technical Role regardless of how they originally acquired that access.
|Cause||This is a known issue reported in engineering ticket ACM-98417.|
|Resolution||This issue is resolved in the following RSA Identity Governance & Lifecycle patch levels: |