|Applies To||RSA Product Set: Adaptive Authentication (Hosted)|
RSA Version/Condition: 11.0
|Issue||A user is seeing an error when trying to promote a production rule that indicates that someone is already accessing the rule, but no one else is logged in the back office.|
Error Message: someone is already accessing Recent Changes
|Resolution||The locking mechanism for rule promotion is explained on pages 157 - 160 of the RSA Adaptive Authentication (Hosted) Back Office User's Guide:|
The Policy Manager application supports a comprehensive locking mechanism to prevent any accidental conflicts between rule definition and editing activities. While one user is working with a rule definition, other users are protected from accidental conflicting access through a three-tiered approach.
From page 160 of the Back Office User's Guide:
After two hours of access time, the system automatically unlocks a rule entry and enables other users to access and process that rule. At this point, if a second user has already begun editing the rule, the original user can no longer access the rule. If the original user attempts to access the same rule, the following error message is displayed: "You cannot update this rule because your processing privileges have timed out." After the window refreshes, the user can continue working with a different rule.
Note that when a user is timed out after a lengthy work session that does not include back-end (computer) activity, extensive work may potentially be lost. For example, a Rule Manager may have been busy planning a complex rule definition, and not yet entered any new information into the Policy Manager application. Therefore, before a session times out and you are locked out of case access, you are alerted that the current session is about to expire and you are offered an option to prolong the current work session through the following message: “Your session will expire in 1 minute. Would you like to prolong your session?”
Click Yes to reset the session time. Click No to close the message window without changing anything. If the user chooses not to prolong the current session, the window displays a Session Expired page as soon as the current session times out. Note that the exact length of the time-out period, and use of a warning message, is configurable per organization.
* * *
Besides the Locking Mechanism, once a rule has been accessed with potential editing capabilities by one user, subsequent access requests by other users open dialog boxes that reflect these other protection mechanisms (from page 109 of the Back Office User's Guide:
Users can navigate between all informative windows and data field values can be viewed upon request. Only buttons that provide access to active editing features for a rule already being accessed by another user are disabled, as indicated by the unavailable buttons highlighted in the following figure.
When working with a table of many rule entries, access is enabled to all table entries except for any specific rule that is already being accessed by another user. In this case, the option buttons for the whole table are not disabled. Editing access is only blocked for individual table entries, as indicated by the small lock icon highlighted in the following figure.
In a large corporation, most people do not start and stop work simultaneously. In the real world, many users may be working simultaneously and reaching different stages in their work at different points in time. One user may open a Rules List table at a time when complete access is allowed for all rules displayed in the table. At a later point, a different user may enter the system and begin to edit a specific rule. This rule, listed in the original user’s table display, does not appear with any locking indicator, since the original user opened the table before the second user began editing.
To handle these potential real-time conflicts, the Policy Manager application provides real-time protection safeguards. Any time that a user selects a rule for editing, even if that selection is technically enabled in the table display, an internal protection check is made, to verify that the rule is still available for edit access. If, in the interim, a second user begins to work with that rule, a warning message is displayed on the screen of the first user and editing access is denied
Normally, if a rule is being edited by one user, that rule is flagged as locked and all other users are locked out and prevented from editing that rule. However, if a user accidentally closes a rule window in the middle of editing a rule, the system will identify that user upon return and the user will be allowed to return to the interrupted editing session and not be locked out inappropriately.