SecurID® Governance & Lifecycle Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.
Article Number
000034616
Applies To
RSA Product Set: RSA Identity Governance and Lifecycle
RSA Product/Service Type: Access Certification Manager
RSA Version/Condition: 6.9.1 P18
RSA Product/Service Type: Access Certification Manager
RSA Version/Condition: 6.9.1 P18
Issue
In 6.9.1 P18, we display a message that x users do not belong to the role, but they are not listed with a Revoke button, although they are directly entitled, and also entitled indirectly through a role or group.
This is different behavior from versions prior to P18, where those users are listed in the Directly Entitled tab with a Remove action button.
In P18, you would see this behavior:
Image descriptionResolution
The role membership functionality in the latest 6.9.1 P18 patch is as follows:
- If user is added to a role directly, then the users will be displayed as members in the Directly Entitled category.
- If user is associated to a group or a role and that group/role is added as entitlements to the role, then the user will not be displayed as member in the Directly Entitled category. The user is considered as indirect and will be displayed in All category without any action (that is, without the Remove button) only.
- If user is added to a role directly and also added via group to the role, then the user will not be displayed as member in the Directly Entitled category. The user is considered as indirect and will be displayed in All category without any action (that is, without the Remove button) only.
- The action button will not be available for direct members in the All category if they match in the above use case conditions.
In this article
