RSA Identity Governance & Lifecycle Access User Access Review is not showing indirect entitlements associated with a role when filtering the contents by business source.
Only a portion of the user entitlements associated with a particular business source or application are shown even though the user is known to have other entitlements.
This is by design.
The Contents tab of the User Access Review can be used to filter entitlements by business source. Select the Contents tab and check the Filter business sources checkbox and then select the business sources using various criteria.
When filtering entitlements by business source and selecting an application name as the business source the review will only display direct entitlements. Indirect entitlements associated with a role will not be shown even if those entitlements are part of the application. This is because a role is a business source and entitlements associated with a role belong to the business source associated with the role set to which that that role belongs.
The User Access Review can include roles and the role can display role entitlements. You can include these roles on the User Access Review by ensuring that the include roles checkbox is enabled and by adding the application role set that is associated with the roles is included as a business source for the review.
For example, to include role based entitlements for the Aveksa application in addition to direct entitlements add the role set that contains the role as a business source.
This will allow the User Access Review to include roles on the review.
Note that this may not be a practical solution depending on the business requirements for the review.
The roles themselves will be reviewed not the indirect entitlements associated with the role.
The role set may cover more than one business source or application.
These are limitations of mixing Role based and direct entitlements. Customers intending on leveraging the role based access model should consider this when designing reviews.