000034880 - Can a running review be refreshed without losing the completed work in RSA Identity Governance & Lifecycle?

Document created by RSA Customer Support Employee on Sep 21, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000034880
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Product/Service Type: Enterprise Software
RSA Version/Condition: 6.9.1, 7.0.0, 7.0.1, 7.0.2, 7.1.0
Platform: Linux
 
Issue

Scenario



  • There is an ongoing review that is 8% completed.
  • However, one application did not get included in the review, due to the incorrect setting of a parameter.
  • The parameter can be updated, but is it possible to refresh the review to include the missing application and not lose the completed work?
Tasks

RSA Identity Management and Governance 6.9.1


Review page 104 on refreshing review items in the Identity Management & Governance 6.9 User Tasks Guide.
 

RSA Via Lifecycle & Governance 7.0 and and RSA Identity Governance & Lifecycle 7.0.1, 7.0.2, 7.1.0


Access the Online Help and navigate to Performing Reviews > Working with Review Results > Refresh Review Items.
ResolutionThe answer is yes but with some warnings


Warnings



  • Check with your Review Owner before doing a Refresh Items on an in-process review.
  • Pay special attention to the selections in the Refresh Items to select only what you want to change. They are all selected by default. Options are:  review coverage info, user data, account data, group data, role data, entitlement data (including  applications) and business descriptions.

CAUTION: Be very careful when making these selections as there is the potential of audit history being removed that could be critical for historical purposes.



  • Any changes to the review result definition such as adding a new Monitor or Reviewer, do not go into affect until a Refresh Items is performed.
  • Changes to the review items could also be applied to reflect terminations or new hires that took place since the date of the original review run. 
  • The filter tabs in the main Review Definition, are not available in the Review Result Definition Edit but are still in effect. In the below example the Account Selection and Contents tabs will be missing from the review run results when editing its definition.  In the below example, the date filter that tells the review to only include items that have NOT been reviewed will be reapplied and the Maintain decisions for already reviewed items will be removed from the review results after performing the Refresh Items. Reject decision history is saved but Maintain decision history is removed.

If audit history must be kept for all review decisions by your organization, you may not want to perform a full review refresh.



These filter tabs in the Review Definition are still in effect for the Review run but will not be seen when editing the Run's Review Definition.

In the example shown below, the On or since date will cause all items already reviewed to be removed from the refreshed review.


 

User-added image


The Reviews Help has a section titled Refresh Review Items, where it states the following.


Refresh Review Items



When you or a privileged monitor refresh review items for a review result, you update reviews with new collected data (what is reviewed) and any new coverage specifications (who reviews what) and other review result modifications that you have made. See Modify a Review Definition for more information on changing coverage information and other review result items.



You can refresh a review at anytime during its lifecycle until you, the review owner, have designated it as completed. The frequency with which you should refresh review items depends on how often reviewed data changes in your organization and the duration of the review process. RSA recommends that you refresh review items as often as possible to keep the review up to date.



Refreshing a review with updated collected data adds new items to it and removes those that are no longer under review. For example, if a review’s definition specifies that users belonging to “department=Engineering” are reviewed, then refreshing the review adds any new users in the Engineering department to the review and removes those that have left the department.



Note: If change requests have been generated for items removed from a review, the change requests are retained. Also, the items for whom the change requests are generated are never removed from review during a refresh.



You can also refresh the review result with updated coverage information. This includes the reviewer and monitor specifications, alternate reviewers, and the alternate monitor.



So, you can refresh the data in a review anytime, with the following steps:

  1. Access the review result you want to refresh.
  2. Click Refresh Review Items.
  3. Select the option for one or more of the following:

  • Review coverage info,
  • User data,
  • Account data,
  • Group data,
  • Role data,
  • Entitlement data (including  applications), and
  • Business descriptions.

  1. Click OK.

Attachments

    Outcomes