Unauthorized change rule triggered although change request for add access has passed approval phase in RSA Identity Governance & Lifecycle 7.0.2
Originally Published: 2018-12-06
Article Number
Applies To
RSA Version/Condition: 7.0.2
Issue
However, when looking at the change request's Approval Phase - Date, approval phase has been completed earlier so it should not have triggered the Unauthorized Change Detection rule.
For example, an Unauthorized Detection Rule was triggered on 27 November 2018 at 2:53 AM. However, as confirmed from the following screenshot of the change request in question, the approval phase has been completed on 7 November 2018, which is 20 days earlier than Unauthorized Detection Rule date.
Tasks
Verify if there are any change requests to remove the same account and if the entitlement combination has been created later than change request for the addition of the same account and entitlement combination.
Resolution
In the following example, a change request to remove access was been created on 22 November. The change request for the addition was created earlier on 5 November. Considering the latest change request for the account and entitlement combination is based on the creation date found in the database (change request to remove access created on 22 November 22 is the latest), this has caused Unauthorized Detection Rule to trigger, which is an expected behavior.
Notes
