SecurID® Governance & Lifecycle Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.
Article Number
000034789
Applies To
RSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: 7.0.1
RSA Version/Condition: 7.0.1
Issue
After every collector run finishes ,rule pre-processing is kicked off . If you have many Segregation Of Duties(SOD) rules configured in your application ,you will see considerate increase in the amount of time it takes in the pre-processing run as compared to lower versions.
In the AWR report you will find below query taking longest time:
In the AWR report you will find below query taking longest time:
SELECT COUNT(*) AS y0_ from V_COMMON_SOD_RULE_ENTS this_ WHERE this_."RULE_ID"=:1
Cause
The cause for longer runs is that after pre-processing, the SOD rule is spending time in detecting if there are any common entitlements.
Resolution
Workaround
In RSA Identity Governance and Lifecycle 7.0.1 we have a configuration setting that would bypass this check.
The screenshot below is the configuration setting on Rules > Configuration page that you need to enable this functionality.
Image description
After enabling this feature, you will see the rule pre-processing completing in less time.
The screenshot below is the configuration setting on Rules > Configuration page that you need to enable this functionality.
Image descriptionAfter enabling this feature, you will see the rule pre-processing completing in less time.
Notes
Enabling this option will allow common entitlements in a segregation of duties (SoD) rule.
NOTE: Normally, when the system processes an SoD rule that has common entitlements, it flags the rule as invalid. When this option is selected, processing the rule does not change the status of the rule. However, deselecting this setting may result in the system flagging SoD rules with common entitlements as invalid when an administrator modifies the rule and the system processes the rule."
NOTE: Normally, when the system processes an SoD rule that has common entitlements, it flags the rule as invalid. When this option is selected, processing the rule does not change the status of the rule. However, deselecting this setting may result in the system flagging SoD rules with common entitlements as invalid when an administrator modifies the rule and the system processes the rule."
In this article
