Group owner approval is getting assigned to wrong owner in RSA Identity Governance & Lifecycle
2 years ago
Originally Published: 2018-04-25
Article Number
000041813
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2
 
Issue
When requesting groups, one with an owner and another group without an owner, both of the groups approval gets assigned to the same person, even though they are not the actual owner.

Steps to replicate issue

  1.  Create a group owner workflow, which is grouped on Group as shown below:
User-added image
 
  1. For decision node, click on Conditions and select the condition where owner is not null.
User-added image
  1. For approval node, select the group owner(id) under Resource.
User-added image
  1. Associate the approval workflow in the main processing workflow.
User-added image 
  1. Create a request to add groups to a user. A few of the groups should have an owner and some should not.  In the example below, we are requesting three groups:
  • The temporary group does not have a group owner.
  • AdminGuest has Arun Oberoi as the group owner.
  • Administrator has Aaron Beaudoin as the group owner.
User-added image
  1. There are two activities generated for group owner approval:
User-added image
  1. Click on the activity assigned to Aaron Beaudoin.  Despite him being an owner of just the Administrator group, he can see items for a group where he is not the owner:
User-added image
Cause
This issue is due to incorrect grouping logic.  Change request items without group owners are assigned to owners of different groups that are part of Change Request.

This is a bug.
Resolution
This is fixed in 7.0.2 P06. Deploy the patch to have this issue fixed.

Related Articles

Trending Articles

Don't see what you're looking for?