Web Services updateReviewItems 'Entitlement XXX already in the same state' message does not display account name in RSA Identity Governance & Lifecycle
Originally Published: 2020-08-26
Article Number
Applies To
RSA Version/Condition: 7.1.1, 7.2.0
Issue
In RSA Identity Governance & Lifecycle 7.1.1 P07 and 7.2.0 P01, the ability to specify account name was added to the updateReviewItems Web Services option in order to update multiple accounts in the same business source having the same entitlement to be maintained/revoked. See RSA Knowledge Base Article W000039265 -- Web Services updateReviewItems cannot update multiple accounts belonging to the same business source having the same entitlement in RSA Identity Governance & Lifecycle for more information on this added feature.
When using this feature, if one or more of the accounts has been updated and an attempt is made to update one or more other accounts having the same entitlement, the following error occurs:
Entitlement {User name - Entitlement name} already in the same state.
There is no mention of the account name.
For example, in the Review Results below, Cherry Blossom has the File System Accounts business source entitlement Misc via two accounts: Intern1 and Conferences.
The following Web Services call to updateReviewItems is used to revoke entitlement Misc from accounts Conferences and Intern1.
?xml version="1.0"?> <Review> <ReviewResultName>UARCBLOSSOM</ReviewResultName> <SignOff>false</SignOff> <ReviewItemChange state="revoke" comments="This is revoked"> <RevieweeUserId>U1</RevieweeUserId> <RevieweeAccount name = "Conferences" business-source="A1"/> <Entitlement resource="Misc" action="-" business-source="File System Accounts"></Entitlement> </ReviewItemChange> <ReviewItemChange state="revoke" comments="This item is revoked"> <RevieweeUserId>U1</RevieweeUserId> <RevieweeAccount name = "Intern1" business-source="A1"/> <Entitlement resource="Misc" action="-" business-source="File System Accounts"></Entitlement> </ReviewItemChange> </Review>
In this example, the error message:
Entitlement {User name - Entitlement name} already in the same state.
does not tell you which account had the failed message.Cause
Resolution
The fix will be to add the account name to the error message as shown below:
Status For Review Item(cblossom-Misc for the account Intern1)=
Failure (The review component is locked and can not be changed.)
The full message will look similar to this:
Status=Partial Success. Updated 1 of 2 review components successfully.
Status For Review Item(cblossom-Misc for the account Conferences)=Success
Status For Review Item(cblossom-Misc for the account Intern1)=
Failure (The review component is locked and can not be changed.)
