"CheckAccess" webservice API call not working correctly for accounts

3 years ago

Originally Published: 2021-03-26

Article Number

000044325

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.2.1 P02

Issue

There is a user HM99541 with multiple AD accounts - HM99541 and TS99541.

User-added image

The user has access to AD group "CMHUB -R" through the HM# account.
User-added image

However, the "CheckAccess" API call returns "result=true" when checking for the group access to the TS# account but the "TS#" account does not have that group access

Also when an account is locally mapped to one user only

the API for checking the group should return false it returns an error instead

User-added image

<html>

<head>
	<title>Error</title>
</head>

<body>could not resolve multiple users account for checking group memebership
	Query
	String=cmd=checkAccess&amp;accountBS=Active%20Directory&amp;accountName=Abse1943&amp;entitlementBS=Active%20Directory&amp;token=ws31586405e9d7afd6f6:-3ce0f892:17791a7cc3d:-36f00.4189250509477934&amp;group=grp1
</body>

</html>

Cause

This is a known issue in the following versions.

RSA Identity Governance & Lifecycle 7.2.1 P02

Resolution

This issue is resolved in the following versions.

RSA Identity Governance & Lifecycle 7.2.0 P09
RSA Identity Governance & Lifecycle 7.2.1 P05
RSA Identity Governance & Lifecycle 7.5.0 P01
RSA Identity Governance & Lifecycle 8.0

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles