|Applies To||RSA Product Set: Identity Management and Governance (IMG)|
RSA Version/Condition: 6.9
|Issue||Running the Data Entitlement Aggregato (DEA) Data Access Collector may result in rejected entitlements:|
It is not obvious which specific attributes are being collected for Account and Group attributes by the DEA collector's Account Resolution Rules and Group Resolution Rules. Checking the database logs for a DEA collector run it can be seen that it collects sAMAccountName for both Account and Group attributes.
Unless the associated AD account collector collects sAMAccountName for Account ID and Group ID/Name, DEA collected fileshare (for example) entitlements will not be successfully mapped to accounts and/or groups.
|Resolution||Ensure that the target account collector is using sAMAccountName for Account ID and Group ID/Name before running the DEA collector.|