RSA Product Set: RSA Governance & Lifecycle
RSA Version/Condition: All versions
A role within a Role Review process is showing a "Changed" status, despite no actual changes being committed. During the review, however, some actions were taken—such as marking the role as reviewed, or maintaining or revoking members and entitlements—which were subsequently undone. Effectively, no changes were committed to the role, but the role still appears in a changed state.
During a Role Review, a role may appear in a "Changed" state even if all review actions have been undone.
Explanation:
The following user actions trigger the role to move from a "Committed" to a "Changed" state:
- In the Role Review wizard, the user opens a role that is in a Committed state.
- In the Role Summary screen, the user performs at least one of the following:
- Clicks "Mark Reviewed" on the General Info tab (then undoes it).
- Maintains or revokes a Member (then undoes it).
- Maintains or revokes an Entitlement (then undoes it).
- Although the user undoes the action, the role has already been flagged internally as modified.
Once this flag is set, the role remains in a "Changed" state to preserve the audit trail and track any user interaction.
SQL to Check Role Component Changes:
The following SQL statement can be run to confirm if any change operations were recorded during the review process:
SELECT * FROM t_av_review_comp_changes WHERE review_component_id IN ( SELECT rc.id FROM t_av_review_components rc INNER JOIN t_av_reviews r ON rc.review_id = r.id AND r.name = '<REVIEW_NAME>' INNER JOIN t_av_roles rl ON rc.component_id = rl.id WHERE rl.name = '<ROLE_RAW_NAME>');
In the above SQL statement:
- Replace
<REVIEW_NAME>with the actual name of the Role Review - Replace
<ROLE_RAW_NAME>with the raw role name as seen in the database
Conclusion:
This is expected product behavior. Once a user performs any review-related action, the role is flagged as changed — even if all actions are undone later. No product defect exists in this scenario.
Related Articles
RSA Identity Governance and Lifecycle 7.2.1 Patch 3 Release Notes Number of Views Previewing Role changes prior to Applying those changes shows other incorrect/unrelated changes to the Role in RSA Identit… Number of Views Slow INSERT statement executing from the SoD_Rule_Pkg in RSA Identity Governance & Lifecycle Number of Views Attribute Change Rule not generating Change Requests in SecurID Governance & Lifecycle Number of Views RSA Identity Governance and Lifecycle 7.2.0 Patch 08 Release Notes Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
