Article Number
000038793
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.x, 7.1.0, 7.1.1, 7.2.0
Issue
When a Local Entitlement Collector is defined with
Apply User-Entitlement Changes Immediately disabled, change requests to add/revoke access to those entitlements will go to Manual Fulfillment. In the user interface go to
Collectors >
Entitlement Collectors > {
name of Local Entitlement Collector} >
Edit >
Next.
Image description
The expected behavior is that once these change requests go to Manual Fulfillment, they will not be completed until the associated Manual Activity has been performed. The problem is that once collections have run, manual activities to revoke local entitlements are automatically completed by the system.
This is not a problem when granting local entitlements. Change requests granting local entitlements wait for the manual activity to be completed.
Cause
This is a known issue reported in engineering ticket ACM-84860.
Resolution
This issue is resolved in RSA Identity Governance & Lifecycle 7.1.1 P07.
Workaround
There are two potential workarounds to this issue:
- Complete manual activities to revoke local entitlements before any collections are run.
- Uncheck the Complete work assigned if activity is verified option in the Manual Activity Node of the related workflow. In the user interface go to Requests > Workflows > Fulfillment tab > Manual Activities > Manual Fulfillment Node. In the Activity Node Properties panel on the right, scroll down to RESOURCES and uncheck the box as shown below:
Image description