How users are selected for reviews that are triggered by rules in RSA Identity Governance & Lifecycle

4 years ago

Originally Published: 2019-07-02

Article Number

000054746

Applies To

RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: All

Issue

Review runs triggered by rules do not use the review definition user selection criteria in RSA Identity Governance & Lifecycle. Instead, users are taken directly from the rule run and those users replace the user condition on the review definition for that run.

For example, note the below review definition user selection criteria. (In the RSA Identity Governance & Lifecycle user interface go to Reviews > Definitions > [name of review] > Edit Definition > User Selection tab.)

Review name = Transfer Review

Also note the below Attribute Change Rule definition (Rules > Definitions > [name of rule])

In this case, when the Transfer Review is run directly, users that have been transferred will not appear in the review results (users."Is Transferred" is null). However, when the Attribute Change Rule is run, users who are transferred show on the Transfer Review (users."Is Transferred" ='Yes') based on the Action defined for that rule which is to run the Transfer Review if a user has been transferred.

Note: Only reviews where the flag Available for Rule Actions under the General tab is checked may be triggered by Rules.

Resolution

This is expected behavior. The user selection criteria under the Review Definition is only applicable when the review is run directly and will not be used in rule actions.

There is an update in RSA Identity Governance & Lifecycle 7.1.1 P03 which clarifies this behavior.

Notes

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles