User Access Rule is not generating the Change Request due to open violations.
Originally Published: 2019-07-17
Article Number
Applies To
RSA Product/Service Type: Enterprise Software
RSA Version/Condition: 7.1.0
Issue
Resolution
| As per the confirmation from engineering team, observed behavior is by design. If the Rule is not run after collections are run, this will keep the violations in pending status and hence change request will not be generated for open violations. Rules must be processed post collections to move the completed violations to "cleared/Revoked" bucket. Otherwise violations will be in "with pending revocations" bucket. So you can configure the rules to trigger post collections from "Rules > Configurations" section as we had discussed earlier. This will move the violations to closed state. Until the rule got processed violations in completed by CR/ removed will not move to "cleared/Revoked" bucket. Clear bucket: Current violation is no longer a violation either due to change in rule definition that changed user/ entitlement coverage or if those got removed from source with out any change request. Revoked Bucket: items revoked through change request and post collection move the violation to Revoke bucket. Since we have answered the questions and explain the behavior on violations and root cause on why change requests are not created, please let me know if we can proceed with closing this case now. |
