000036732 - How business source filtering works in an account access and ownership review in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Oct 9, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036732
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.x
IssueThe Contents tab does not filter everything pertaining to Business Source as it does from a User Access review.

In the Account Access and Ownership review definition you can filter what items show up in the review at two levels; the account or the entitlements associated with an account. If you intend to limit the review to only accounts from a particular business source or to business sources with a particular custom attribute set, setting the filter in the Contents tab will not work as you may assume.

This example using the Contents tab will only filter the access items associated with accounts in the review for access pertaining to the selected business source.  Accounts for other business sources will also be in the review. Only use this tab to filter access associated to the accounts in the review, not the accounts themselves.
User-added image
ResolutionIf you want to filter accounts by business source, instead use the Account Selection tab. 

Here's an example of filtering by a custom business source attribute so you only review accounts associated with applications you have marked as Reviewable. Notice we are using the Business Source attribute app_string with a value of Reviewable to choose accounts to be in the review.  In the pop-up screen at the bottom of the image, the option in the condition to specify the attribute is in Business Source with. If the Contents tab is left to the default value of All on the business source filtering, then any access with any business source will be seen in the review for each reviewed account.
User-added image