Mapping Accounts to Deleted Users in RSA Identity Lifecycle and Governance
Originally Published: 2016-09-19
Article Number
000053749
Applies To
RSA Product Set: Identity Lifecycle and Governance
RSA Version/Condition: All current supported versions
Issue
During collection of account mappings, an Account Data Collector maps accounts to any users that match the resolution criteria, even if those users are deleted or terminated. We do not reject these mappings, because they are data collected from a source system and could pose a security threat. For example, if a terminated user has access to privileged accounts, then anyone who can gain access as that terminated user will have access to those accounts and privileges. Additionally, if that user subsequently returns to the company, they may still have access to privileges to which they should no longer be entitled.
Resolution
Deleted and/or terminated user account mappings should be cleaned up in the source system to prevent any possible security issues.
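
One way to build the cleanup list, as an added example that is not RSA's code and not part of the original article: the Python script below lists accounts mapped to deleted or terminated users, privileged accounts first. The CSV exports, their column names and the `review_mappings` function are assumptions for illustration, and the sample rows are constructed; it also goes one step beyond the text by flagging accounts of a returning user that were created before that user's termination.

```python
import csv
import io
from datetime import date

# Constructed sample exports. Column names are assumptions, not the product's schema.
USERS_CSV = """user_id,status,termination_date
jdoe,active,
asmith,terminated,2016-06-30
bjones,deleted,2016-03-15
cwu,active,2015-12-01
"""
ACCOUNTS_CSV = """account,source,mapped_user,privileged,created
jdoe,AD,jdoe,no,2014-01-10
adm-asmith,AD,ASmith,yes,2015-02-01
bjones,Unix,bjones,no,2013-07-22
root-cwu,Unix,cwu,yes,2015-05-05
cwu,AD,cwu,no,2016-02-01
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def review_mappings(users_csv, accounts_csv):
    """Return account mappings that need cleanup in the source system."""
    users = {u["user_id"].lower(): u for u in _rows(users_csv)}
    findings = []
    for acct in _rows(accounts_csv):
        user = users.get(acct["mapped_user"].lower())  # match case-insensitively
        if user is None:
            continue  # unmapped accounts are a separate review
        status, left = user["status"].lower(), user["termination_date"]
        if status in ("deleted", "terminated"):
            reason = f"mapped to {status} user"
        elif left and date.fromisoformat(acct["created"]) < date.fromisoformat(left):
            # Active again after a termination: the account survived the absence.
            reason = "predates termination of returning user"
        else:
            continue
        findings.append({"account": acct["account"], "source": acct["source"],
                         "user": user["user_id"], "reason": reason,
                         "privileged": acct["privileged"].lower() == "yes"})
    # Privileged accounts first: they carry the most risk.
    findings.sort(key=lambda f: (not f["privileged"], f["source"], f["account"]))
    return findings

if __name__ == "__main__":
    for f in review_mappings(USERS_CSV, ACCOUNTS_CSV):
        flag = "PRIV" if f["privileged"] else "    "
        print(f'{flag} {f["source"]:5} {f["account"]:12} -> {f["user"]:8} {f["reason"]}')
```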