RSA Identity Governance and Lifecycle users do not match the membership rule once removed from the role

3 years ago

Originally Published: 2017-03-13

Article Number

000064833

Applies To

RSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: 6.8.1+

Issue

When a user is removed from a role and then the user attempts to add the same user back to the role, the membership rule marks the user as FALSE which is incorrect and the user is not added back to the role.

For example:

Create a role with some membership rule. In this example we are using "users."Is Terminated"=0 or users.Department='Finance'" as the membership rule.
Add users to the role matching the membership rule and apply the changes.

Remove a user from the role and commit the changes.

Try to add the same user back to the role by filtering with matching items and that user is not seen in the list. If we try to search manually with a filter set to All Members, we will be able to see that the user does not match the membership rule. The membership rule condition shows as false rather than true.

Resolution

Upgrading to one of these versions will resolve the issue:

V6.8.1 P25,
V6.9.1 P18,
V7.0.0 P05,
V7.0.1 P01,
V7.0.2

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles