Article Number
000036896
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2, 7.1.0
Issue
An RSA Identity Governance & Lifecycle User Access Review does not show indirect entitlements associated with a role when the contents are filtered by business source.
Only a portion of the user entitlements associated with a particular business source or application are shown even though the user is known to have other entitlements.
Cause
This is by design.
The Contents tab of the User Access Review can be used to filter entitlements by business source. Select the Contents tab, check the Filter business sources checkbox, and then select the business sources using various criteria.
When filtering entitlements by business source and selecting an application name as the business source, the review will only display direct entitlements. Indirect entitlements associated with a role will not be shown, even if those entitlements are part of the application. This is because a role is a business source, and entitlements associated with a role belong to the business source associated with the role set to which that role belongs.
Resolution
The User Access Review can include roles, and the role can display role entitlements. You can include these roles on the User Access Review by ensuring that the include roles checkbox is enabled and that the application role set associated with the roles is included as a business source for the review.
For example, to include role-based entitlements for the Aveksa application in addition to direct entitlements, add the role set that contains the role as a business source.
This will allow the User Access Review to include roles on the review.
Notes
Note that this may not be a practical solution depending on the business requirements for the review.
- The roles themselves will be reviewed, not the indirect entitlements associated with the role.
- The role set may cover more than one business source or application.
These are limitations of mixing role-based and direct entitlements. Customers intending to leverage the role-based access model should consider this when designing reviews.