How business source filtering works in an account access and ownership review in RSA Identity Governance & Lifecycle
Originally Published: 2018-09-14
Article Number
Applies To
RSA Version/Condition: 7.x
Issue
In the Account Access and Ownership review definition you can filter what items show up in the review at two levels; the account or the entitlements associated with an account. If you intend to limit the review to only accounts from a particular business source or to business sources with a particular custom attribute set, setting the filter in the Contents tab will not work as you may assume.
This example using the Contents tab will only filter the access items associated with accounts in the review for access pertaining to the selected business source. Accounts for other business sources will also be in the review. Only use this tab to filter access associated to the accounts in the review, not the accounts themselves.
Resolution
Here's an example of filtering by a custom business source attribute so you only review accounts associated with applications you have marked as Reviewable. Notice we are using the Business Source attribute app_string with a value of Reviewable to choose accounts to be in the review. In the pop-up screen at the bottom of the image, the option in the condition to specify the attribute is in Business Source with. If the Contents tab is left to the default value of All on the business source filtering, then any access with any business source will be seen in the review for each reviewed account.
