This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Identity Governance & Lifecycle Discussions

Discussions about RSA Identity Governance & Lifecycle.
JohanArvidsson
Beginner
Beginner
‎2020-07-01 08:11 AM

Out of office delegation

Jump to solution

Hello there,

 

I have a question about the delegation that comes from the Out Of Office function!

 

I have a role assigned to a Manual Fulfillment node, anyone in this role will get this activity assigned to them when it hits that state.

 

The scenario here is when a past member of this role goes out of office their delegate is getting the fulfillment activities that comes with the past role. These activities, for the delegate, comes from the delegation process and is only activities that comes after the Out Of Office process has taken place.

 

The user that goes out of office does not have these activities assigned to them prior, during, or after the Out of Office period but still the delegate get these as a result from the delegation.

 

Example:

   User1 is a member of Role1

   User1 leaves Role1

   User1 goes Out of office and delegates to User2

   User2 gets the fulfillment activities that comes with the membership from Role1. But only the activities that has been created after the Out Of Office took place.

 

Is this an intended behavior?

 

The IG&L Version is 7.1.1 P5

Labels (1)
Labels
0 Likes
Reply
1 Solution

Accepted Solutions
JohanArvidsson
Beginner
Beginner
‎2020-09-17 08:47 AM

Jump to solution

Mostafa HelmyIan Staines

When the issue still occurred after upgrading to 7.1.1 P09 and also upgrading another environment to 7.2.0 P03 i decided to make a Support Case (Case# 01659708). When I get the oppurtionity I will try this in 7.2.1 to see if the issue still persists.

I will close this thread and I thank you guys for your help!

View solution in original post

Reply
10 Replies
IanStaines
Moderator Moderator
Moderator
‎2020-07-24 06:01 PM

Jump to solution

Sorry that no one has responded.  I am having problems understanding the use case and exactly what the failure is.


Perhaps try restating the problem and see if this helps.

0 Likes
Reply
IanStaines
Moderator Moderator
Moderator
In response to IanStaines
‎2020-08-31 12:22 PM

Jump to solution

I don't fully understand your scenario.   If you think this is a defect in the product I recommend you open a support case so that we can gather all the information and respond to you officially. 

0 Likes
Reply
JohanArvidsson
Beginner
Beginner
In response to IanStaines
‎2020-08-31 01:02 PM

Jump to solution

Sorry if my question is badly written and thank you for taking the time to try and look into it!

I think we just stumble upon a bug with the Out Of Office delegation in a particular scenario so I will open a support case when I get the time. I can provide with the case number/ticket number when this has been done if you wish? 

0 Likes
Reply
IanStaines
Moderator Moderator
Moderator
In response to JohanArvidsson
‎2020-08-31 03:48 PM

Jump to solution

Yes I just want to make sure you are getting assistance.

0 Likes
Reply
MHelmy
Moderator Moderator
Moderator
‎2020-09-01 03:57 AM

Jump to solution

Could you show us how you are assigning the activity to the Role?

 

A screenshot of the Manual Fulfilment node Resource configuration would be helpful.

0 Likes
Reply
JohanArvidsson
Beginner
Beginner
In response to MHelmy
‎2020-09-01 06:11 AM

Jump to solution

Absolutely!

I will need to replicate the issue in my own test/dev environment as I'm not allowed to show production data!

0 Likes
Reply
JohanArvidsson
Beginner
Beginner
In response to MHelmy
‎2020-09-01 07:48 AM

Jump to solution

(All data in the pictures are made up. The data is purely test data that has been randomized)

 

( Ian Staines‌ just mentioning you as an update ping)

 

I have a technical Role called IT Support where all members in this role will be able to perform the manual activity.

The Manual activity workflow is a fresh copy from the default one with one exception that the Manual Fulfillment node is assigned to the support role.

 

FullfilmentNOde.PNG

Manual Fulfillment

DelegationOnly.PNG

Fulfillment Phase in Delegation Only (This is a fresh copy from the Default Delegation Only.

 

I make a change request to add a User to an arbitrary AD group

New_Request.PNG

 

I remove one User from the Support role

RemovedFromRoll.PNG

Make sure the user is no longer in the role

Members.PNG

I make the removed user (ca4719) go out of office and delegate to Rangarsson, Ragnar

Delegation.PNG

 

Now the first request (pic one) looks the same, only the Support Role can handle this activity

firstReq.PNG

 

Now I make a new request to add another user to another arbitrary AD group and as you can see it will get delegate to Ragnar

New_Request.PNG

As you can see below Ragnar gets this delegation from the user Abrahamsson Cajsa but she is no longer a member of the IT Support role

ragnar.PNG

So the old requests is still fine but every new request gets delegate to Ragnar (delegated from Cajsa) but Cajsa is no longer a member of the Support role that handles the fulfillment.

 

I hope this make my case more clear for you guys. Please tell me if you want/need more info.

 

IG&L Version: 7.2.0.176311

0 Likes
Reply
IanStaines
Moderator Moderator
Moderator
In response to JohanArvidsson
‎2020-09-16 05:05 PM

Jump to solution

I know that you are describing this issue in terms of delegation but is it possible this is a failure in the Role?

 

Are there any other places such as the Role Management screen or the User Access tab that shows the wrong user still in the Role?

0 Likes
Reply
JohanArvidsson
Beginner
Beginner
In response to IanStaines
‎2020-09-17 04:21 AM

Jump to solution

Hi Ian!

No I can't find anywhere in the GUI that the User is still in the Role.

Neither in the database I can't seem to find the user in the Role when I look in the Public Views or in the regular Views.

 

I have yet to look into the tables for the roles to see if the user can be found.

Do you have any suggestion on what tables or views that I should look into?

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.