000034038 - Mapping Accounts to Deleted Users in RSA Identity Lifecycle and Goverance

Document created by RSA Customer Support Employee on Sep 21, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034038
Applies ToRSA Product Set: Identity Lifecycle and Governance
RSA Version/Condition: All current supported versions
IssueDuring collection of account mappings an Account Data Collector will map accounts to users that match the resolution criteria, even if the users are deleted or terminated. We do not reject these mappings as they are data collected from a source system that could possibly pose a security threat. For example, if a terminated user has access to privileged accounts, then anyone who can get access as that terminated user will have access to those accounts and privileges. Additionally, if that user subsequently returns to the company, they may still have access to privileges that they should no longer be entitled to.
ResolutionDeleted and/or terminated user account mappings should be cleaned up in the source system to prevent any possible security issues.