000036093 - Unable to re-edit a RSA Identity Governance & Lifecycle condition containing IN for a rules definition

Document created by RSA Customer Support Employee on Mar 14, 2018Last modified by RSA Customer Support Employee on Apr 9, 2018
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000036093
Applies ToRSA Product Set:  RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1, 7.0.2, 7.1
IssueA rule is created where the Condition for Are the only ones with access to any of contains an IN clause that was entered manually using the Advanced mode.  For example, approles.name in ('Access Request Administrator','Application Administrator')
Rule with an IN clause

However, when the condition is re-edited, there is no IN clause and in Advanced mode, the Where Clause textbox is empty.
Rule Edit Advanced Condition selection

Rule Edit Condition is blank

This results in the IN clause needing to be re-entered.
CauseThis is a product defect reported under engineering ticket ACM-84791.
ResolutionAs of March 2018, there is no resolution to this issue.  Please see the workaround below.
WorkaroundThere are two workarounds, one using Advanced Mode and one using Simple Mode.

Advanced Mode

Manually enter the IN clause as a set of OR statements instead. For example, change: 
    approles.name in ('Access Request Administrator','Application Administrator')
    approles.name = 'Access Request Administrator' OR approles.name = 'Application Administrator'

Please note that there is a maximum limit of 4000 characters.

Simple Mode

Alternately, do not use Advanced Mode, use Simple Mode. 

  1. Click on the object to be included:

User-added image

  1. Select the object values from the picklist and click OK.

User-added image