000033310 - Data Access Collector (DAC) rejects Account Relationships when collecting Account Permissions in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jun 10, 2020
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000033310
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: All
 
IssueA new Data Access Collector (DAC) for collecting Account Permissions rejects all entitlement relationships. The rejected entitlements are seen in the user interface under Admin > Monitoring > Run ID > Raw Data hyperlink > Entitlement Relationships tab. The Admin error is:
 

EC[170] Context[RunID=###,EDC(Name=<name of DAC Collector>,ID=XXX,APP=XXX)]Message[Entitlement
Data Validation: User Entitlement Data is invalid
(caused by prior validation error.Invalid user/group/account or invalid/duplicate resource/application role]


The DAC is defined to collect Account Permissions (Collectors > Data Access Collectors > Create Data Access Collector > Data Source Type: Database) as follows:
 
User-added image


 


 
Cause
The account resolution for the DAC  has not been defined:
 


User-added image


 
Resolution
Define the Target Account Collector (ADC) used to collect the accounts that have access to the entitlements collected by the DAC and define an Account Attribute to be used to correlate the accounts collected by the ADC with the account entitlements collected by the DAC. For example,
 


User-added image


 

Attachments

    Outcomes