Environment: 7.1.1 P3
RSA Supplied DB
What is the best method to exclude an AppRole or Account from AppRole from the Leaver Rule?
I cannot seem to get the right formula with <> or tell the difference between "has application role" and "not has application role".
Use Case - one of many:
I have an entitlement collector that collects from Active Directory groups in conjunction with an application database.
- Primary account collection is from the Application database.
- As part of the "RESOURCE > Application> Entitlement" , there is a second entitlement collector for a Active Directory group.
- Since it is an Active Directory group, the group is removed when the account is disabled under the Active Directory Leaver..
- However, a manual change request is created to remove the user from the Active Directory group with the error "AFX reports this item failed with code  and message: 'NoRowsChanged'". (This error makes sense as the Leaver Rule already removed the group)
- It is using the AFX AD fulfillment.