When an MAADC collects multiple accounts with the same name in different applications, the associated MAEDC grants entitlements to all accounts with the same name regardless of what application they are associated with.
Consider the following example where account
AdminAccount is collected into three different applications:
Application: Perforce
Account: AdminAccount
Application: FileSystem
Account: AdminAccount
Application: Bugzilla
Account: AdminAccount
AppRole: ManageBugzillaJiras
After the three AdminAccounts are collected by an MAADC, the associated MAEDC grants application role ManageBugzillaJiras to all three accounts in all three applications instead of Bugzilla only.
This issue can be observed by going to
Resources >
Directories/Applications > {
Directory/Application name} >
Accounts tab. The same account name will appear once for every directory/application that has that account name.
This is a known issue reported in engineering ticket ACM-58274.
This issue is resolved in the following RSA Identity Governance & Lifecycle versions and/or patch levels:
- RSA Identity Governance & Lifecycle 7.0.0 P01
- RSA Identity Governance & Lifecycle 7.0.1