Article Number
000035567
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.x, 7.0.x ,7.1
Issue
- Export roles from one machine to the other by navigating to Roles > Actions > Export Roles.
- These roles contain members and entitlements. These entitlements show up under Users > Access for the members.
- Import the role(s) into another system using Roles > Actions > Import Roles.
The system has the corresponding options:
- Directory/Application
- Identities
- Entitlements
The role(s) show all the members and entitlements, but when you check the
Users >
Access tab, the entitlements do not display.
This is expected behavior, as no entitlement shall be granted to any user without being audited through a Change Request.
Resolution
After importing the role(s) through
Roles >
Actions >
Import Roles, you need to run a rule on the target system that will create Change Requests so that grant of the entitlements can be properly audited.
The rule must have the following attributes:
Type: Role Missing Entitlements
Condition: If there are role members missing required entitlements for any roles. (Any roles can be matched to customer requirements.)
Actions: Create CR to add missing entitlements
Image description