When a Decision Node is added to a request workflow in RSA Identity Governance & Lifecycle and defined to follow the TRUE path based on the condition Contains at least one violation, the Decision Node follows the FALSE path even when one violation exists.
This situation occurs if the violation is an indirect entitlement. For example, if a user has a business role that has a technical role as an entitlement, then any changes to the technical role that should create a violation are not recognized.
This is a known issue reported in engineering ticket ACM-98904.
This issue is resolved in the following RSA Identity Governance & Lifecycle patches: