000033310 - RSA Via Lifecycle and Governance Data Access Governance (DAG) Collector rejects Account Entitlement Relationships EC[170]

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000033310
Applies ToRSA Product Set: RSA Via Lifecycle and Governance (RSA Via L&G)
Product Version: All
Product Description: Data Access Governance (DAG)
IssueA new Data Access Governance (DAG) Collector for collecting Permissions for Accounts is rejecting all entitlement relationships. The rejected entitlements are seen in the UI under Admin > Monitoring > Run ID > Raw Data > Entitlement Relationships tab. Click on the x to see the following error:
 
EC[170] Context[RunID=###,EDC(Name=<name of DAG Collector>,ID=XXX,APP=XXX)]Message[Entitlement Data Validation: User Entitlement Data is invalid 
(caused by prior validation error.Invalid user/group/account or invalid/duplicate resource/application role]

User-added image

User-added image
Cause
The account resolution for the DAG collector has not been defined.
 

User-added image
Resolution
Define the Target Account Collector (ADC) used to collect the accounts that have access to the entitlements collected by the DAG collector and define an Account Attribute to be used to correlate the accounts collected by the ADC with the account entitlements collected by the DAG.
 

User-added image



 

Attachments

    Outcomes