000034841 - Insufficient privileges error when using the review URL (review_rvw_url) in email RSA Identity Governance and Lifecycle

Document created by RSA Customer Support Employee on Mar 1, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034841
Applies ToRSA Product Set: Identity Governance and Lifecycle 
RSA Version/Condition: 6.9.1+
IssueWhen clicking Review URL "${review_rvw_url}" in the email body to access the review URL, the reviewer receives an insufficient privileges error in the UI.

Steps to reproduce

  1. Edit the escalation workflow.  This example uses the Reviewer Email Remainder workflow. Add the REVIEW URL ${review_rvw_url} variable.
User-added image

  1. Add the escalation workflow.to the review. Run the review and wait for the escalation to trigger.
User-added image

  1. Check the email which you received from the review.
User-added image

  1. Click on the REVIEW URL from the email body and you will see the error below:
User-added image
CauseThe URL for review_rvw_url variable is generated incorrectly, pointing to a review definition instead of the review result. A reviewer who does not have access to the review definition page will get this error when accessing the URL in the received email.
ResolutionUpgrade to V6.8.1 P25, V6.9.1 P13, 7.0.0 P05 HF 01 or V7.0.1.
Below is the snapshot for the URL FOR REVIEWER and URL FOR MONITOR in the fixed versions.
User-added image