Data Access Collector (DAC) rejects Account Relationships when collecting Account Permissions in RSA Identity Governance & Lifecycle
2 years ago
Originally Published: 2016-06-10
Article Number
000063329
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: All
 
Issue
A new Data Access Collector (DAC) for collecting Account Permissions rejects all entitlement relationships. The rejected entitlements are seen in the user interface under Admin > Monitoring > Run ID > Raw Data hyperlink > Entitlement Relationships tab. The Admin error is:
 
EC[170] Context[RunID=###,EDC(Name=<name of DAC Collector>,ID=XXX,APP=XXX)]Message[Entitlement Data Validation: User Entitlement Data is invalid (caused by prior validation error.Invalid user/group/account or invalid/duplicate resource/application role]

The DAC is defined to collect Account Permissions (Collectors > Data Access Collectors > Create Data Access Collector > Data Source Type: Database) as follows:
 
User-added image
 

 
Cause
The account resolution for the DAC has not been defined:
 
User-added image

 
Resolution
Define the Target Account Collector (ADC) used to collect the accounts that have access to the entitlements collected by the DAC. Then define an Account Attribute to be used to correlate the accounts collected by the ADC with the account entitlements collected by the DAC. For example:
 
User-added image