SecurID® Governance & Lifecycle Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.
Article Number
000037978
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.1.1
RSA Version/Condition: 7.1.1
Issue
When approval workflows in RSA Identity Governance & Lifecycle are defined as having changes grouped by category, the default behavior of the product is to auto-complete all approval activities in the same category if any one of the change request items is approved. However, if any one of the change request items is rejected, the remaining items in the same category should not be approved (auto-completed). The defect being reported here is that when one of the change request items is rejected, the remaining items in the same category are still auto-completed, and therefore approved.
For example, given an activity workflow where changes are grouped by category under Process Properties as shown below:
Image description
and entitlements are requested from two applications: Application X and Application Y, the following change request is created:
Entitlements X1 and Y1 are grouped in the Accounting category for approval. If user U2 logs in and approves X1, then X1 and Y1 approvals are auto-completed as follows:
This is expected behavior. However, if U2 logs in and rejects X1, then Y1 should not be automatically approved (auto-completed.) The defect is that it does autocomplete same as if entitlement X1 had been approved.
For example, given an activity workflow where changes are grouped by category under Process Properties as shown below:
Image descriptionand entitlements are requested from two applications: Application X and Application Y, the following change request is created:
| Parent WF | Sub WF | Entitlement | Category | Assigned approvers |
|---|---|---|---|---|
| WFX | SWFX1 | X.X1 | Accounting | U1,U2 |
| WFX | SWFX2 | X.X2 | HR | U3,U4 |
| WFY | SWFY1 | Y.Y1 | Accounting | U5,U6 |
| WFY | SWFY2 | Y.Y2 | HR | U7,U8 |
Entitlements X1 and Y1 are grouped in the Accounting category for approval. If user U2 logs in and approves X1, then X1 and Y1 approvals are auto-completed as follows:
Approval 'Accounting' completed by U2 on <date/time>
Approval 'Accounting' completed by System (because of category manager) on <date/time>
Approval 'Accounting' completed by System (because of category manager) on <date/time>
This is expected behavior. However, if U2 logs in and rejects X1, then Y1 should not be automatically approved (auto-completed.) The defect is that it does autocomplete same as if entitlement X1 had been approved.
Cause
This is a known issue reported in engineering ticket ACM-101234.
Resolution
This issue is resolved in RSA Identity Governance & Lifecycle 7.1.1 P04.
In this article
