Unable to create attribute change rule with RSA Identity Governance and Lifecycle 6.9.1P08 or later when the condition uses Is Deleted or Deleted Date

2 years ago

Originally Published: 2016-09-06

Article Number

000043151

Applies To

RSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: 6.9.1 P08 or later

Issue

Unable to create a new rule of the Attribute Change type that is looking for a condition of a deleted attribute (that is, Is Deleted or Deleted Date).

Go to Rules > Create Rule.
Select Type: "Attribute Type" with the Condition: "When change is detected for existing users" and "Users with the following attribute changes."
You cannot select Is Deleted or Deleted Date from the drop down list.

Cause

As part of a fix that prevents issues related to the use of the Is Deleted and Deleted Date attributes, these are no longer available on the drop down menu.

Is Deleted and Deleted Date attributes are only populated for deleted user identities. In the attribute change rule, we are comparing two user entities: the previous entity versus the new entity. If there is any change in any of these attributes for newly/latest collected user identities, we capture them as attribute changes. But in the case of deletion, there is no previous entry in the table for the collected user; therefore, there is no way to compare the values so they will never be flagged by an attribute change rule. These columns were removed from the drop-down menu since their existence makes no sense for this rule type and causes confusion to the end-user.

Resolution

This is intended behavior and working as designed. Use the Provisioning Termination rule to detect changes to terminated and/or deleted users.

Notes

The Attribute Change Rules are designed to detect changes to EXISTING users. It will not detect changes made to deleted users.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles