AnsweredAssumed Answered

Application roles not assigned to users

Question asked by Olivier Cheron on Feb 9, 2017
Latest reply on Feb 15, 2017 by Olivier Cheron

I'm currently evaluating RSA Identity G&L and when I compare two scenarios I followed, the result is unexpected.

I would appreciate if someone with more experience could confirm if this is a bug or intended behaviour.


I have an application configured both for account/app-role collection and AFX fulfillment.
I checked "Entitlements Require Account" so that assigning app-roles create an account.



In scenario #1: I collect existing accounts and app-roles, then I map them manually to users.


As a result, the account and app-roles are visible in the user details (user "Access" tab, where I can add more entitlements).



In scenario #2: I add one or several app-roles to a user with no prior account in this application, and launch the change request. After approval and fulfillment, the account is created by AFX and app-roles are also assigned in the target application. After account+entitlement collection, the fulfillment is verified and the change request complete.


In the user "Access" tab, the account becomes visible, but not app-roles. The app-roles are linked to the account but not to the user.


I find this result surprising: I would really expect entitlements added in this tab to become visible at the same location.


Does this look like a bug?
I'm using 7.0.1 P02.