000033963 - Unable to create attribute change rule with RSA Identity Governance and Lifecycle 6.9.1P08 or later when the condition uses Is Deleted or Deleted Date

Document created by RSA Customer Support Employee on Sep 22, 2016. Last modified by RSA Customer Support on Jan 22, 2018.
Version 4

Article Content

Article Number
000033963

Applies To
RSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: 6.9.1 P08 or later

Issue
Unable to create a new rule of the Attribute Change type that is looking for a condition of a deleted attribute (that is, Is Deleted or Deleted Date).
  1. Go to Rules > Create Rule.
  2. Select Type: "Attribute Type" with the Condition: "When change is detected for existing users" and "Users with the following attribute changes."
  3. You cannot select Is Deleted or Deleted Date from the drop-down list.

Cause
As part of a fix that prevents issues related to the use of the Is Deleted and Deleted Date attributes, these attributes are no longer available in the drop-down menu.
The Is Deleted and Deleted Date attributes are populated only for deleted user identities. An attribute change rule compares two user entities: the previous entity and the new entity. Any change in any of these attributes for the most recently collected user identities is captured as an attribute change. In the case of a deletion, however, there is no previous entry in the table for the collected user, so there is nothing to compare the values against and the user will never be flagged by an attribute change rule. These columns were removed from the drop-down menu because they make no sense for this rule type and cause confusion for end users.

Resolution
This is intended behavior and working as designed. Use the Provisioning Termination rule to detect changes to terminated and/or deleted users.

Notes
Attribute Change rules are designed to detect changes to EXISTING users. They will not detect changes made to deleted users.