RSA Identity Governance & Lifecycle Imported Roles do not show entitlements on Users
4 years ago
Originally Published: 2017-09-21
Article Number
000048241
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.x, 7.0.x ,7.1
 
Issue
  1. Export roles from one machine to the other by navigating to Roles > Actions > Export Roles.
  2. These roles contain members and entitlements. These entitlements show up under Users > Access for the members.
  3. Import the role(s) into another system using Roles > Actions > Import Roles.
The system has the corresponding options:
  • Directory/Application
  • Identities
  • Entitlements
The role(s) show all the members and entitlements, but when you check the Users > Access tab, the entitlements do not display.

This is expected behavior, as no entitlement shall be granted to any user without being audited through a Change Request.

Resolution
After importing the role(s) through Roles > Actions > Import Roles, you need to run a rule on the target system that will create Change Requests so that grant of the entitlements can be properly audited.

The rule must have the following attributes:
 
Type:  Role Missing Entitlements
Condition:  If there are role members missing required entitlements for any roles.  (Any roles can be matched to customer requirements.)
Actions:  Create CR to add missing entitlements
 
Missign entitlement rule

Related Articles

Trending Articles

Don't see what you're looking for?