000033334 - User Access Review includes indirect entitlements of users in RSA Via Lifecycle and Governance 6.9.1 P06

Document created by RSA Customer Support Employee on Sep 20, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000033334
Applies To: RSA Product Set: RSA Via Lifecycle and Governance
RSA Version/Condition: 6.9.1 P06
 
Issue: User access reviews include only the direct entitlements of users. Indirect entitlements (i.e., entitlements coming from a role) should not be available in a user access review. This is the default product behavior. However, in version 6.9.1 P06, entitlements from a role are pulled into user access reviews.
The example below shows an indirect entitlement being pulled into a user access review:
  1. A technical role named Test Roles is created:
     User-added image

  2. The AD group entitlements of Test Roles are shown below:
     User-added image

  3. Create a Business Role using the technical role created above as its entitlements:
     User-added image
     User-added image

  4. Add a user to the business role:
     User-added image

  5. Navigate to Users > Users.
  6. Search for the user added to the business role above.
  7. Click on the Access tab. It shows the business role created above as the user's direct entitlement:
     User-added image

  8. The user's Access tab also shows, as indirect entitlements, the AD group entitlements of the technical role created above (i.e., Test Roles), which is a direct entitlement of the business role:
     User-added image

  9. Run a user access review using the conditions shown below in the User Selection tab and the Contents tab:
     User-added image
     User-added image

  10. The review result shows all three groups of the user's indirect entitlements. The user access tab should include only direct entitlements, but here you will see that indirect entitlements are also pulled in:
     User-added image
Resolution: This issue is not seen in version 6.9.1 P09. Apply patch 6.9.1 P09 to resolve this issue.
