Correct Termination Rule behavior in RSA Identity Governance and Lifecycle 7.x
Originally Published: 2017-05-30
Article Number
Applies To
RSA Version/Condition: 7.x
Issue
- What is the correct behavior on the part of the Termination Rule?
- What happens to all the users whose attribute is changed to IS_TERMINATED=1/yes status during one of the collection periods in previous runs?
Resolution
This behavior is by design.
NOTE - This behavior of Termination Rule is by design irrespective of the actions taken. Actions such as Disable/Delete Account do not have any affect on this behavior and are shown here only as an example of Rule configuration with actions.
For example, let's say you have created a Termination Rule with the following configuration (where no filter is used on a condition):When you run an Identity Data Collector (IDC) that collects users whose termination status is changed (Is_Terminated=1), and then run the Termination Rule (Provisioning-Termination) for the first time (with or without filter), the rule will identify the terminated users as follows:
The result above shows that the rule has identified nine terminated users:
Processing Summary:
- Number of terminated users found:9
- Number of deleted users found:0
After this, if you update the Rule Definition with the condition updated as Is_terminated=yes (shown below) and run the same rule again, users will not be identified as terminated.
Processing Summary:
- Number of terminated users found:0
- Number of deleted users found:0
These users will not be identified as terminated, since it is a different/next run and does not reflect as the updated status for "Is_terminated" attribute.
