000022652 - User group entitlements in RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022652
Applies ToRSA ClearTrust 5.5.2
RSA ClearTrust Agent 4.6 for Microsoft IIS

Microsoft Windows Server 2003
Microsoft Internet Information Server (IIS)
IssueUser group entitlements in RSA ClearTrust
After an RSA ClearTrust user is included or removed from a user group that has entitlements to a particular ClearTrust-protected resource, the change goes into affect immediately. This occurs even after an authorization cache flush from within the Entitlements Manager (Admin GUI).
CauseThere is caching within RSA ClearTrust Agent 4.6 that "remembers" the previously existing allow or deny of the user to the ClearTrust-protected resource
ResolutionReview the configuration parameters values for the webagent.conf's:

    cleartrust.agent.authz_allow_cache_ttl=
    cleartrust.agent.authz_deny_cache_ttl=

Reducing these values will result in the user group entitlement taking affect after the specified time.
Legacy Article IDa29713

Attachments

    Outcomes