Unable to create attribute change rule with RSA Identity Governance and Lifecycle 6.9.1P08 or later when the condition uses Is Deleted or Deleted Date
2 years ago
Originally Published: 2016-09-06
Article Number
000043151
Applies To
RSA Product Set: RSA Identity Governance and Lifecycle 
RSA Version/Condition: 6.9.1 P08 or later
 
Issue
Unable to create a new rule of the Attribute Change type that is looking for a condition of a deleted attribute (that is, Is Deleted or Deleted Date).
  1. Go to Rules > Create Rule.  
  2. Select Type: "Attribute Type" with the Condition: "When change is detected for existing users" and "Users with the following attribute changes."  
  3. You cannot select Is Deleted or Deleted Date from the drop down list.
Cause
As part of a fix that prevents issues related to the use of the Is Deleted and Deleted Date attributes, these are no longer available on the drop down menu.

Is Deleted and Deleted Date attributes are only populated for deleted user identities. In the attribute change rule, we are comparing two user entities:  the previous entity versus the new entity. If there is any change in any of these attributes for newly/latest collected user identities, we capture them as attribute changes. But in the case of deletion, there is no previous entry in the table for the collected user; therefore, there is no way to compare the values so they will never be flagged by an attribute change rule. These columns were removed from the drop-down menu since their existence makes no sense for this rule type and causes confusion to the end-user.
 
Resolution
This is intended behavior and working as designed.  Use the Provisioning Termination rule to detect changes to terminated and/or deleted users.
Notes
The Attribute Change Rules are designed to detect changes to EXISTING users. It will not detect changes made to deleted users.

Related Articles

Trending Articles

Don't see what you're looking for?