000036295 - Group owner approval is getting assigned to wrong owner in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on May 15, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036295
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2
IssueWhen requesting groups, one with an owner and another group without an owner, both of the groups approval gets assigned to the same person, even though they are not the actual owner.

Steps to replicate issue

  1.  Create a group owner workflow, which is grouped on Group as shown below:

User-added image


  1. For decision node, click on Conditions and select the condition where owner is not null.

User-added image

  1. For approval node, select the group owner(id) under Resource.

User-added image

  1. Associate the approval workflow in the main processing workflow.

User-added image 

  1. Create a request to add groups to a user. A few of the groups should have an owner and some should not.  In the example below, we are requesting three groups:

  • The temporary group does not have a group owner.
  • AdminGuest has Arun Oberoi as the group owner.
  • Administrator has Aaron Beaudoin as the group owner.

User-added image

  1. There are two activities generated for group owner approval:

User-added image

  1. Click on the activity assigned to Aaron Beaudoin.  Despite him being an owner of just the Administrator group, he can see items for a group where he is not the owner:

User-added image
CauseThis issue is due to incorrect grouping logic.  Change request items without group owners are assigned to owners of different groups that are part of Change Request.

This is a bug.
ResolutionThis is fixed in 7.0.2 P06. Deploy the patch to have this issue fixed.