This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.

Why automatically generated revocation requests do not add back revoked requests on a revocation date in RSA Identity Governance and Lifecycle

Article Number

000035840

Applies To

RSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: All

Issue

You have one of the following use cases:

   I. Change request containing both add and revoke items

  •  A change request is triggered to add an entitlement (E1=pbciadmin) via Requests > Requests > Create Request > Add Access and removal of existing entitlement (E2=1005-1-pbci : admin) via Requests > Requests > Create Request > Remove Access.
  • The request is submitted with a revocation date.
  • The automatic change request contains only the removal of E1, but not the addition of E2.
Image descriptionImage description
Image descriptionImage description
 
Image descriptionImage description

Why doesn't the automatic revocation request add back entitlement E2? The entitlement that was revoked when the revocation date occurs.

II.  Change request containing only revoke item

  • A change request gets triggered with removal of an existing entitlement (E3=1005-1-pbci : readonly).
  • The request submitted with a revocation date.
  • The automatic request does not contain any change item.
Image descriptionImage description
 
Image descriptionImage description
Image descriptionImage description

Why isn't entitlement E3 added back on the revocation date via the automatic request?
       

Resolution

This is the expected behavior of the product. The purpose of the revocation date is to tell RSA Identity Governance and Lifecycle when to revoke an entitlement, not when to add one back. The word revocation means to revoke or remove so a revocation date implies revoke/remove only. The field is there but it should not be used when revoking an entitlement, as it does not make sense to revoke a revoked entitlement.
 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-23 01:45 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.