000035645 - Duplicate groups are shown for a user in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Oct 22, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035645
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
IssueThe following two conditions are both evident in the User Interface:
  • Users > Users > [user name] > Access tab > All shows the same group multiple times for a user.
  • Collectors > Account Collectors > [collector name] > Collection History > Account Data Collection > Collected Data > Group Memberships shows the same group collected only once for the user's Member Name.
CauseThis situation occurs when there are multiple group member paths for the one user in the directory service.  This leads to multiple instances of the one user in the group.
For example, if the following group and member path information was collected, the user "Mary Smith" would be in the "ExchangeGroup" three times and in the "Staff" and "Group Internal Users" groups two times:

Group
CN=ExchangeGroup,OU=AVgroup,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au
Member Path
CN=Mary Smith,OU=Users,OU=VIP,OU=AU,DC=myorg,DC=com,DC=au
CN=All Staff\, Corporate Planning,OU=Mail,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au,CN=Mary Smith,OU=Users,OU=VIP,OU=AU,DC=myorg,DC=com,DC=au
CN=allmgrs,OU=Mail,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au,CN=Mary Smith,OU=Users,OU=VIP,OU=AU,DC=myorg,DC=com,DC=au
Group
CN=Staff,OU=Mail,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au
Member Path
CN=All Staff,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au,CN=Mary Smith,OU=Users,OU=VIP,OU=AU,DC=myorg,DC=com,DC=au
CN=All Staff\, Corporate Planning,OU=Mail,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au,CN=Mary Smith,OU=Users,OU=VIP,OU=AU,DC=myorg,DC=com,DC=au
Group
CN=Group Internal Users,OU=Mail,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au
Member Path
CN=Staff,OU=Mail,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au,CN=All Staff\, Corporate Planning,OU=Mail,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au,CN=Mary Smith,OU=Users,OU=VIP,OU=AU,DC=myorg,DC=com,DC=au
CN=Staff,OU=Mail,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au,CN=All Staff,OU=Groups,OU=AU,DC=myorg,DC=com,DC=au,CN=Mary Smith,OU=Users,OU=VIP,OU=AU,DC=myorg,DC=com,DC=au
ResolutionYou can see the Member Path data when you view the members in the group, from the User Interface. Go to Users > Groups > [group name] > Members tab > Show All and look in the Derived From Path column.

Attachments

    Outcomes