Why automatically generated revocation requests do not add back revoked requests on a revocation date in RSA Identity Governance and Lifecycle
RSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: All
You have one of the following use cases:
I. Change request containing both add and revoke items
A change request is triggered to add an entitlement (E1=pbciadmin) via Requests > Requests > Create Request > Add Access and to remove an existing entitlement (E2=1005-1-pbci : admin) via Requests > Requests > Create Request > Remove Access.
The request is submitted with a revocation date.
The automatic change request contains only the removal of E1, but not the addition of E2.
Why doesn't the automatic revocation request add back entitlement E2, the entitlement that was revoked, when the revocation date occurs?
II. Change request containing only revoke item
A change request gets triggered with removal of an existing entitlement (E3=1005-1-pbci : readonly).
The request is submitted with a revocation date.
The automatic request does not contain any change item.
Why isn't entitlement E3 added back on the revocation date via the automatic request?
This is the expected behavior of the product. The purpose of the revocation date is to tell RSA Identity Governance and Lifecycle when to revoke an entitlement, not when to add one back. The word revocation means to revoke or remove, so a revocation date implies revoke/remove only. The field is there, but it should not be used when revoking an entitlement, as it does not make sense to revoke a revoked entitlement.