Data Access Collector (DAC) rejects Account Relationships when collecting Account Permissions in RSA Identity Governance & Lifecycle

3 years ago

Originally Published: 2016-06-10

Article Number

000063329

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: All

Issue

A new Data Access Collector (DAC) for collecting Account Permissions rejects all entitlement relationships. The rejected entitlements are seen in the user interface under Admin > Monitoring > Run ID > Raw Data hyperlink > Entitlement Relationships tab. The Admin error is:

EC[170] Context[RunID=###,EDC(Name=<name of DAC Collector>,ID=XXX,APP=XXX)]Message[Entitlement 
Data Validation: User Entitlement Data is invalid 
(caused by prior validation error.Invalid user/group/account or invalid/duplicate resource/application role]

The DAC is defined to collect Account Permissions (Collectors > Data Access Collectors > Create Data Access Collector > Data Source Type: Database) as follows:

Cause

The account resolution for the DAC has not been defined:

Resolution

Define the Target Account Collector (ADC) used to collect the accounts that have access to the entitlements collected by the DAC and define an Account Attribute to be used to correlate the accounts collected by the ADC with the account entitlements collected by the DAC. For example,

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles