000034329 - Change in the review behavior while using "Include group memberships that are entitlements of their assigned global roles" option in RSA Identity Governance and Lifecycle

Document created by RSA Customer Support Employee on Dec 6, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034329
Applies ToRSA Product Set: RSA Identity Governance and Lifecycle (G&L)
RSA Version/Condition: 7.0
 
IssueA user has access to a group entitlement and a global role is created including that group entitlement, app-role and entitlements. While generating the user access review including the user and the global role, the review item includes both the group entitlement and the global role. This behavior is expected only when the "Include group memberships that are entitlements of their assigned global roles" option is checked in the Contents tab of the review definition. However, if this option is checked, the review item should show a separate activity for the group entitlement but this is working in the opposite way. Instead of including the group entitlement it excludes the group entitlement in the review item.
As an example,
  1. Add a group entitlement to a user.
  2. Create a global role include the user, group entitlement and few other entitlements.
  3. Create a review definition and uncheck the Include group memberships that are entitlements of their assigned global roles option under the Contents tab.
User-added image

  1. Run the review and the group is listed in the Unassigned Items tab, though the same group is present in the global role.
User-added image

  1. Now edit the review definition and check Include group memberships that are entitlements of their assigned global roles in the Content tab.
User-added image

  1. Run the review and the group is not listed in the review items under the Unassigned Items tab.
User-added image

 
CauseThe UI option to include or exclude indirect groups is working backwards.
ResolutionUpgrading to Version 7.0.1 will fix this issue.
 

Attachments

    Outcomes