Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000033334 - User Access Review includes indirect entitlements of users in RSA Via Lifecycle and Governance  6.9.1 P06

Document created by RSA Customer Support

on Sep 20, 2016•Last modified by RSA Customer Support

on Apr 22, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000033334
Applies To	RSA Product Set: RSA Via Lifecycle and Governance RSA Version/Condition: 6.9.1 P06
Issue	User Access Reviews only includes direct entitlements of users. Indirect entitlements (i. e., entitlements coming from a role should not be available in user access review). This is the default product behavior. However, in version 6.9.1 P06 we see that entitlements from a role are getting pulled in user access review. The example below shows the indirect entitlement getting pulled in user access review A technical role named Test Roles is created: The AD group entitlements of Test Roles is shown below: 3. Create a Business Role using the technical role created above as its entitlements: Add a user to the business role: Navigate to Users > Users. Search for the user created in step 1 above Click on the Access tab. It shows the business role crated above as its direct entitlement The Users Access tab shows the AD group entitlements of the technical role created above (i. e., Test Roles), which is a direct Entitlement of Business Role as its indirect entitlements. Run a user access review using the conditions shown below in the User Selection tab and the Contents tab. The review result shows all three groups of the user's indirect entitlements. The user access tab should include only direct entitlements, but here you will see indirect entitlements are also pulled.
Resolution	This issue is not seen in version 6.9.1 P09. Apply patch 6.9.1 P09 to have this issue resolved.

Attachments

Outcomes

0 Comments

Recommended Content