000035909 - How to define a custom attribute as a user with group review rights in RSA Identity Governance and Lifecycle

Document created by RSA Customer Support Employee on Feb 16, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035909
Applies ToRSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: 6.9.1 and later
IssueSome organizations need to allow an additional collected user to have review rights over a group.  For example, when the primary owner is out of the office..
  1. Under Admin > Attributes > Group, add a custom attribute, such as Additional Authorizer to the resource definition.   The custom attribute must have a data type of  User

Group Attribute Configuration

  1. Under Collectors > Account Collector > [collector name] > Edit > Group Data for the Account Data Collector that is expected to collect these groups, set the Additional Authorizer mapping to an appropriate user field in the data source.

Edit Account Data Collector
ResolutionUnder Reviews > Definitions > [review name] > Edit definition > Reviewers, when the custom attribute is of type User, then the person designated as the Additional Authorizer can be selected as a Reviewer:
Edit Group Review Definition
NotesGroups can be reviewed by going to Reviews > Definitions in the user interface. There is a built-in review there called Group review with default options that can be used to create a group review. Click on that, then click Edit Definition to change the options. You can click Run Review to run it.

NOTE: It is recommended to create a new definition rather than edit an existing OOTB definition. To do this, select Reviews > Definitions > Create New Review Definition > [choose the group review type]

There is general review documentation in the Online Help. See Reviews in the online help contents (and the RSA Identity Management & Governance 6.9.1 User Tasks documentation for 6.9.1).