Access User Access Review not showing indirect entitlements associated with a role for RSA Identity Governance & Lifecycle 7.x
Originally Published: 2018-10-30
Article Number
Applies To
RSA Version/Condition: 7.0.2, 7.1.0
Issue
Only a portion of the user entitlements associated with a particular business source or application are shown even though the user is known to have other entitlements.
Cause
This is by design.
The Contents tab of the User Access Review can be used to filter entitlements by business source. Select the Contents tab and check the Filter business sources checkbox and then select the business sources using various criteria.
When filtering entitlements by business source and selecting an application name as the business source the review will only display direct entitlements. Indirect entitlements associated with a role will not be shown even if those entitlements are part of the application. This is because a role is a business source and entitlements associated with a role belong to the business source associated with the role set to which that that role belongs.
Resolution
For example, to include role based entitlements for the Aveksa application in addition to direct entitlements add the role set that contains the role as a business source.
This will allow the User Access Review to include roles on the review.
Notes
- The roles themselves will be reviewed not the indirect entitlements associated with the role.
- The role set may cover more than one business source or application.
