If the RSA Identity Governance and Lifecycle Rule Status is invalid, a Segregation of Duties (SOD) rule definition takes a long time to open
Originally Published: 2017-02-09
Article Number
Applies To
RSA Version/Condition: 7.0.1
Issue
Cause
When an SOD Rule Definition page is displayed, it calculates common entitlements that exist between the two entitlement sets. This calculation takes a long time.
Resolution
- Log in as the administrator and navigate to Rules > Configuration.
- Under Options, enable the setting to Allow execution of segregation of duties rules with common entitlements. This will skip the check for common entitlements between two sets of entitlement coverage of a segregation of duties rule and thus creation of the rule.
If you have a rule that is in an Invalid state, then edit the rule and set the status as Active or Inactive.
Workaround
Notes
Consequences of enabling the option
When you enable this option we no longer detect common entitlements between the two entitlement sets.
Purpose of this option
We provided this option to make it easier for customers to manage the Segregation of Duties (SoD) rules and entitlements that are part of entitlement coverage. Customers do not have to go through the tedious process of cleaning up the entitlements to use the rule.
When this option is enabled, we skip the display of common entitlements and hence this common entitlements calculation is no longer performed.
If you see this issue, you can use this option to resolve the issue. We have other customers who are using this option.
