000029269 - Understanding how the DEA uses account and group resolution rules in RSA IMG 6.9

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000029269
Applies ToRSA Product Set: Identity Management and Governance (IMG)
RSA Version/Condition: 6.9
IssueRunning the Data Entitlement Aggregato (DEA) Data Access Collector may result in rejected entitlements:
User-added image
It is not obvious which specific attributes are being collected for Account and Group attributes by the DEA collector's Account Resolution Rules and Group Resolution Rules.  Checking the database logs for a DEA collector run it can be seen that it collects sAMAccountName for both Account and Group attributes.

User-added image

Unless the associated AD account collector collects sAMAccountName for Account ID and Group ID/Name, DEA collected fileshare (for example) entitlements will not be successfully mapped to accounts and/or groups.
ResolutionEnsure that the target account collector is using sAMAccountName for Account ID and Group ID/Name before running the DEA collector.