|Applies To||RSA Product Set: RSA Via Lifecycle & Governance (RSA Via L&G)|
RSA Version/Condition: 7.0
|Issue||When sending a webservice call to CreateChangeRequest with a request containing an <AccountChange> in order to Detect Segregation of Duties (SoD) violation(s), the Change Request is processed instead of showing the violation details.|
Given the SoD rule with the Entitlement Specification as noted below, a user having or requesting both the Role Administrator and System Administrator roles should result in an SoD violation.
Now, if a user named 'jsmith' who already has the Role Administrator role requests the System Administrator role using the request xml below through Webservices, the Change Request gets created successfully instead of showing SoD violation details.
The code below shows the wrong response:
|Resolution||Since Segregation of Duties (SoD) violations are specific to users and not to accounts, the Webservice request should be sent in a <UserChange> tag.|
The correct webservice request xml is shown here, that should be sent for user 'jsmith' in the above example.
The webservice call is shown here: