000033849 - RSA Identity Governance and Lifecycle appears to show duplicated entitlements

Document created by RSA Customer Support Employee on Aug 31, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033849
Applies ToRSA Product Set: Identity Management and Governance
RSA Product/Service Type: Entitlement Data Collector
RSA Version/Condition: 6.x, 7.x
IssueThere appears to be more than one copy of an entitlement for a user.  When the multiple entitlements are examined closely, the resource name has a different combination of upper and lower case in each entitlement instance.
CauseResource names in entitlements are case sensitive.  Therefore the same combination of upper and lower case characters must be in the resource name every time the entitlement is collected.

For existing entitlements

Every time there is a collection that has a different upper/lower case spelling for the resource, it will be viewed by IMG/L&G/G&L as a different resource and so a new entitlement will be created, effectively creating a duplicate.

If an entitlement is meant to be deleted  

If the resource name's case does not match what it was when the resource was added, it will not be deleted.  For example,  the following fully qualified resource names were found in a sequence of entitlement collections for the read (R) action for a particular user, and entitlements were created or deleted as shown.
28-Apr-16 created "RESOURCE_NAME" 
29-Apr-16 created "Resource_Name" 
4-May-16  deleted "RESOURCE_NAME" 
4-May-16  deleted "Resource_Name" 
4-May-16  created "Resource_Name" 
11-May-16 created "resource_name"   
27-Jun-16 deleted "resource_name"

If you look carefully at the above sequence of upper/lower case, you can see that after 27-June-16 there should be left just one R entitlement for this resource for the user, which is the one that was created on 4-May-16 for "Resource_Name."
ResolutionConfigure all entitlement data collection sources to ensure that every time an entitlement is collected, the upper/lower case spelling of the entire fully qualified resource name is always the same.