|Applies To||RSA Product Set: Identity Management and Governance|
RSA Version/Condition: 6.8.1, 6.9, 6.9.1 all patch levels
Product Name: RSA-0018010
Product Description: Business Role Manager
|Issue||When members are added to a business role (BR) whose direct entitlements include a technical role (TR) that itself has a direct entitlement, the missing direct entitlements indicator under the TR's members tab is blank, even though the members do not have the direct entitlements belonging to the TR. With the indicator blank, how can you tell which entitlements the user is missing for the role?|
|Cause||The Request Workflow for "Requests created through roles" has a "Generate Indirect Entitlements" checkbox. This issue occurs if the box is not checked.|
|Resolution||Modify the workflow used when roles generate change requests so that "Generate Indirect Entitlements" is enabled. With this setting, the workflow generates a change request (CR) that adds the Technical Role entitlements belonging to the Business Role as direct entitlements to the member. It also adds all entitlements that are part of the Technical Role to the member as direct entitlements. Until the CR is completed and all direct entitlements are verified as having been given to the user, the Business Role shows the number of direct entitlements the user is missing.|
1. Find which request workflow is being used when requests are created through roles:
Requests -> Workflows
2. Modify the workflow properties for this workflow and check the "Generate Indirect Entitlements" checkbox.
Requests -> Workflows -> Requests tab ->
3. Go to Roles -> Roles -> click on the Business Role -> Members tab -> Table Options (add 'Missing Direct Entitlements' column).