Review runs triggered by rules do not use the review definition user selection criteria in RSA Identity Governance & Lifecycle. Instead, users are taken directly from the rule run and those users replace the user condition on the review definition for that run.
For example, note the below review definition user selection criteria. (In the RSA Identity Governance & Lifecycle user interface go to Reviews
> [name of review]
> Edit Definition
> User Selection
Review name = Transfer Review
Also note the below Attribute Change Rule definition (Rules
> [name of rule]
In this case, when the Transfer Review is run directly, users that have been transferred will not appear in the review results (users."Is Transferred" is null). However, when the Attribute Change Rule is run, users who are transferred show on the Transfer Review (users."Is Transferred" ='Yes') based on the Action defined for that rule which is to run the Transfer Review if a user has been transferred.
Note: Only reviews where the flag Available for Rule Actions
under the General
tab is checked may be triggered by Rules.
This is expected behavior. The user selection criteria under the Review Definition is only applicable when the review is run directly and will not be used in rule actions.
There is an update in RSA Identity Governance & Lifecycle 7.1.1 P03 which clarifies this behavior.