Article Number
000038726
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.x, 7.1.x, 7.2.x
Issue
When the status of a
Segregation of Duties (SoD) Rule or a
User Access Rule is set to
Inactive,
no new violations are detected but the status of existing violations remains as follows:
- Open violations remain open after the rule has been inactivated.
- Exceptional access remains in effect and on the exceptional access expiration date, the violations become open violations and emails are sent to the remediators to take action.
This is intentional product behavior. The existing violations need to be handled whether or not the rule is active.
Task
Resolution
There are two options for removing open violations that are part of
Inactive rules:
- Delete the rule
- Change the rule:
- Edit the SoD or User Access rule.
- Set the status to Active
- Change the Selected users filter to something that is always false (for example, go to Advanced and enter 1=0 in the Where Clause).
- Save the rule changes.
- Run the rule once. This should close all violations.
- Edit the rule again
- Set the status to Inactive
- Remove the false filter.
- Save the rule changes.
