Add entitlements table shows inconsistent results when the Role Set Policy is set to 'Deny entitlements not matching the entitlement rule' in RSA Identity Governance & Lifecycle
Originally Published: 2016-08-31
Article Number
Applies To
RSA Version/Condition: 7.0.1
Issue
Below are two examples of when this issue may occur.
Example 1:
- Create a Role Set named TestRoleSet. (Roles > Role Sets > Create Role Set)
- Set the Policy to Deny entitlements not matching the entitlement rule (Roles > Role Sets > TestRoleSet > Policy tab)
- Create an entitlement membership rule for the Role Set to unifiedents."Business Unit Id"=1. (Roles > Roles Sets > TestRoleSet > Policy tab > Membership Rule)
- Go to Roles > Roles > Create/Discover > Create role and create TestRole1 role in Role Set TestRoleSet.
- Go to the Entitlements tab for TestRole1 (Roles > Roles > TestRole1 > Entitlements tab) and click on Add Entitlements.
- It is expected that matching entitlements will be displayed, as per the entitlements rule:
What happens is that:
- Either no data is displayed in the table:
- Or an Error - is displayed in the table.
Example 2:
- Set the TestRoleSet entitlement membership rule to unifiedents.'Business Source"='Application Name'. (Roles > Roles Sets > TestRoleSet > Policy tab > Membership Rule) where Application Name has 31 entitlements.
- Go to the TestRole1 entitlements tab (Roles > Roles > TestRole1) and click on Add Entitlements.
- It is expected that the entitlement table should display the data per the defined rule. What happens is that the count is displayed as 31 but the records are displayed as Error -.
Cause
Resolution
- RSA Identity Governance & Lifecycle 7.0.1 P02
- RSA Identity Governance & Lifecycle 7.0.
