Since the above question was marked as assumed answered, I'm posting here with the same question. I tested this on Patch 05 of 7.1.1 and haven't seen a change in behavior.
Daniel Ekerman originally asked Feb 2018
"Unable to see indirect entitlements (granted by role) held by user in Access Request Form, even though "Mark entitlements rows already held by target users" is checked. Is this another way to get the entitlements the user already has to show up as pre-checked in the form?"
I followed up
Did anyone ever get any feedback on this? I also am noticing the same issue.
One thing I've noticed is that with Change Item Handling set to "Add selected items" the indirect access doesn't show up in the form.For example Garth Brooks is a member of "Business Role 1" which has "Technical Role 1" as one of the entitlements.
If "Technical Role 1" is the only role in the role set, the table is empty.
However, if you change the form field such that Change Item Handling is "Subject must have one entitlement" or "Subject may have one entitlement" then whatever indirect access the user has is listed, but IGL doesn't check mark the access. This indicates that these two change item handlers ignore indirect access.
Is this by design or a bug?
I would expect "Technical Role 1" to be checked in this screenshot, because Garth Brooks indirectly has the access.
- Access & Change Requests
- Community Thread
- Forum Thread
- Identity G&L
- Identity Governance & Lifecycle
- RSA Identity
- RSA Identity G&L
- RSA Identity Governance & Lifecycle
- RSA Identity Governance and Lifecycle
- RSA IGL
Copying my answer over here:
In my opinion, indirect entitlements not showing up in the form for either Add or Remove actions is the expected behaviour. The user already has it so we should not be able to add it. Also being an indirect entitlement, we should not be able to remove it directly.
So I would say your second form screenshot is likely to be a bug. Please log a case with RSA Support so we can investigate this.
Indirect Entitlements in Access Request Form || 01578947
Jira Ticket: ACM-104553 || Indirect entitlements (granted by role) in Access Request Form is not working as expected for "Subject must have one entitlement" and "Subject may have one entitlement"