I have a question about the delegation that comes from the Out Of Office function!
I have a role assigned to a Manual Fulfillment node, anyone in this role will get this activity assigned to them when it hits that state.
The scenario here is when a past member of this role goes out of office their delegate is getting the fulfillment activities that comes with the past role. These activities, for the delegate, comes from the delegation process and is only activities that comes after the Out Of Office process has taken place.
The user that goes out of office does not have these activities assigned to them prior, during, or after the Out of Office period but still the delegate get these as a result from the delegation.
User1 is a member of Role1
User1 leaves Role1
User1 goes Out of office and delegates to User2
User2 gets the fulfillment activities that comes with the membership from Role1. But only the activities that has been created after the Out Of Office took place.
Is this an intended behavior?
The IG&L Version is 7.1.1 P5
- Access & Change Requests
- Community Thread
- Forum Thread
- Identity G&L
- Identity Governance & Lifecycle
- out of office
- RSA Identity
- RSA Identity G&L
- RSA Identity Governance & Lifecycle
- RSA Identity Governance and Lifecycle
- RSA IGL
When the issue still occurred after upgrading to 7.1.1 P09 and also upgrading another environment to 7.2.0 P03 i decided to make a Support Case (Case# 01659708). When I get the oppurtionity I will try this in 7.2.1 to see if the issue still persists.
I will close this thread and I thank you guys for your help!
Sorry that no one has responded. I am having problems understanding the use case and exactly what the failure is.
Perhaps try restating the problem and see if this helps.
I don't fully understand your scenario. If you think this is a defect in the product I recommend you open a support case so that we can gather all the information and respond to you officially.
Sorry if my question is badly written and thank you for taking the time to try and look into it!
I think we just stumble upon a bug with the Out Of Office delegation in a particular scenario so I will open a support case when I get the time. I can provide with the case number/ticket number when this has been done if you wish?
(All data in the pictures are made up. The data is purely test data that has been randomized)
( Ian Staines just mentioning you as an update ping)
I have a technical Role called IT Support where all members in this role will be able to perform the manual activity.
The Manual activity workflow is a fresh copy from the default one with one exception that the Manual Fulfillment node is assigned to the support role.
Fulfillment Phase in Delegation Only (This is a fresh copy from the Default Delegation Only.
I make a change request to add a User to an arbitrary AD group
I remove one User from the Support role
Make sure the user is no longer in the role
I make the removed user (ca4719) go out of office and delegate to Rangarsson, Ragnar
Now the first request (pic one) looks the same, only the Support Role can handle this activity
Now I make a new request to add another user to another arbitrary AD group and as you can see it will get delegate to Ragnar
As you can see below Ragnar gets this delegation from the user Abrahamsson Cajsa but she is no longer a member of the IT Support role
So the old requests is still fine but every new request gets delegate to Ragnar (delegated from Cajsa) but Cajsa is no longer a member of the Support role that handles the fulfillment.
I hope this make my case more clear for you guys. Please tell me if you want/need more info.
IG&L Version: 18.104.22.168311
I know that you are describing this issue in terms of delegation but is it possible this is a failure in the Role?
Are there any other places such as the Role Management screen or the User Access tab that shows the wrong user still in the Role?
No I can't find anywhere in the GUI that the User is still in the Role.
Neither in the database I can't seem to find the user in the Role when I look in the Public Views or in the regular Views.
I have yet to look into the tables for the roles to see if the user can be found.
Do you have any suggestion on what tables or views that I should look into?