000036486 - RSA Identity Governance & Lifecycle 7.0.x provisioning termination rule is not creating a change request to disable the manually linked accounts

Document created by RSA Customer Support Employee on Jun 27, 2018Last modified by RSA Customer Support Employee on Jul 2, 2018
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000036486
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.1, 7.0.2
 
IssueThe provisioning termination rule is creating a change request to disable only the collected accounts, leaving behind the manually linked accounts in RSA Identity Governance & Lifecycle. FOr example,
  1. Create a termination rule to generate change request to disable the accounts when the user is deleted. 

User-added image


  1. In this example, we have picked a user who has two accounts (one is a collected account and the other one is a manually linked account): 

User-added image
 


User-added image


  1. Delete the user from the source and run the corresponding Identity data collector to collect the deleted user. 
    User-added image
 

  1. Now run the rule and it will be able to pick the deleted user. The rule will create a change request to disable the collected account but doesn't create a change request to disable the manually linked account.
  2. User-added image
CauseThis is a bug in the product and has been reported to our engineering team. 
ResolutionUpgrading to version 7.0.2 P05 or 7.1.0 will fix this issue. 

NOTE: If you are seeing this issue for a specific application/directory or post upgrading to V7.0.2 P05+, please verify if the allow account disabling flag is set to Yes. If this is set to No,
  1. Navigate to Resources > Applications/Directories
  2. Select the application/directory and click Edit
  3. Enable the flag and click OK

User-added image

Attachments

    Outcomes