AnsweredAssumed Answered

Access Provisioned without Owner Approval

Question asked by Chris Pope on Aug 19, 2019

We are on IGL 7.1.0 P3

 

We have two levels of approvals for requests for access:  (1) Supervisor and (2) Owner, in that order.  In our Owner Approval Workflow, we have followed the configuration described here: https://community.rsa.com/docs/DOC-46128 to not require the Owner from having to approve twice if he/she is also a Supervisor.

 

However, we are experiencing an issue if there is more than one Affected User with a different Supervisor than the Owner.  IGL doesn't require the Owner to approve for the Affected Users which the Owner is not also the Supervisor.

 

e.g.:

1. Affected-User-1 has Supervisor-1 who is also the Application Owner.

2. Affected-User-2 has Supervisor-2 who is NOT the Application Owner.

 

3. Supervisor-1 approves for Affected-User-1

4. Supervisor-2 approves for Affected-User-2

 

5. Owner Approval is completed by the system for BOTH Affected-User-1 and Affected-User-2.

 

Issue: The Owner...who is also Supervisor-1...does not approve any access for Affected-User-2 because the Owner doesn't see or approve access for Affected-User-2 due to not being that person's Supervisor.  In other words, some users get the access without the App Owner ever seeing or approving their access.

 

IGL seems to look to see if the Owner is an Approver for ANY Affected User, regardless of whether the Owner is the Supervisor the specific Affected User or not.

 

Is there any way to prevent this from happening?

Outcomes