000035567 - RSA Identity Governance & Lifecycle Imported Roles do not show entitlements on Users

Document created by RSA Customer Support Employee on Jun 13, 2018Last modified by RSA Customer Support Employee on Jun 13, 2018
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035567
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.x, 7.0.x ,7.1
  1. Export roles from one machine to the other by navigating to Roles > Actions > Export Roles.
  2. These roles contain members and entitlements. These entitlements show up under Users > Access for the members.
  3. Import the role(s) into another system using Roles > Actions > Import Roles.
The system has the corresponding options:

  • Directory/Application
  • Identities
  • Entitlements
The role(s) show all the members and entitlements, but when you check the Users > Access tab, the entitlements do not display.

This is expected behavior, as no entitlement shall be granted to any user without being audited through a Change Request.

ResolutionAfter importing the role(s) through Roles > Actions > Import Roles, you need to run a rule on the target system that will create Change Requests so that grant of the entitlements can be properly audited.

The rule must have the following attributes:
Type:  Role Missing Entitlements

Condition:  If there are role members missing required entitlements for any roles.  (Any roles can be matched to customer requirements.)
Actions:  Create CR to add missing entitlements


Missign entitlement rule