RSA Product Set: RSA Governance & Lifecycle
RSA Version/Condition: All versions
A role within a Role Review process is showing a "Changed" status, despite no actual changes being committed. During the review, however, some actions were taken—such as marking the role as reviewed, or maintaining or revoking members and entitlements—which were subsequently undone. Effectively, no changes were committed to the role, but the role still appears in a changed state.
During a Role Review, a role may appear in a "Changed" state even if all review actions have been undone.
Explanation:
The following user actions trigger the role to move from a "Committed" to a "Changed" state:
- In the Role Review wizard, the user opens a role that is in a Committed state.
- In the Role Summary screen, the user performs at least one of the following:
- Clicks "Mark Reviewed" on the General Info tab (then undoes it).
- Maintains or revokes a Member (then undoes it).
- Maintains or revokes an Entitlement (then undoes it).
- Although the user undoes the action, the role has already been flagged internally as modified.
Once this flag is set, the role remains in a "Changed" state to preserve the audit trail and track any user interaction.
SQL to Check Role Component Changes:
The following SQL statement can be run to confirm if any change operations were recorded during the review process:
SELECT * FROM t_av_review_comp_changes WHERE review_component_id IN ( SELECT rc.id FROM t_av_review_components rc INNER JOIN t_av_reviews r ON rc.review_id = r.id AND r.name = '<REVIEW_NAME>' INNER JOIN t_av_roles rl ON rc.component_id = rl.id WHERE rl.name = '<ROLE_RAW_NAME>');
In the above SQL statement:
- Replace
<REVIEW_NAME>with the actual name of the Role Review - Replace
<ROLE_RAW_NAME>with the raw role name as seen in the database
Conclusion:
This is expected product behavior. Once a user performs any review-related action, the role is flagged as changed — even if all actions are undone later. No product defect exists in this scenario.
Related Articles
Change Request Revert Workflow stuck in Canceling state in RSA Identity Governance and Lifecycle Number of Views Unable to edit Role Membership Rule in RSA Governance & Lifecycle Number of Views Access Fulfillment Express (AFX) does start after applying Patch 11 or higher to RSA Via Lifecycle and Governance 6.9.1 Number of Views Roles in a Role Review are Incorrectly Set to the 'Changed' State Instead of the 'Committed' State in RSA Governance & Lif… Number of Views RSA Identity Governance and Lifecycle users do not match the membership rule once removed from the role Number of Views
Trending Articles
RSA Authentication Manager Patch Updates RSA SecurID software token .sdtid file fails to import into RSA SecurID Software Token 5.0 for Windows Configuring a Checkpoint firewall to work with SecurID RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Unable to login to RSA Authentication Manager Security Console as super admin
