When a user has the same entitlement assigned through two or more accounts in the same business source, maintain/revoke of the entitlement via the Web Services updateReviewItems option will only update one account. This option is available in the user interface under Admin > Web Services > Review tab > updateReviewItems.
For example, in the Review Results below, Cherry Blossom has the File System Accounts business source entitlement Misc via two accounts: Intern1 and Conferences.
The following Web Services call to Maintain entitlement Misc only maintains the entitlement for one account. In this case Conferences.
<ReviewItemChange state="maintain" comments="Item maintained through Web Services">
<Group name = "Misc" business-source="File System Accounts"/>
<Entitlement resource="AFX Connector" action="Admin" business-source="Aveksa"/>
Note the entitlement has been maintained for only one account (Conferences😞
Running the command a second time in an attempt to update the second account, Intern1, results in the following error and the second account is not updated.
Status-Failure. None of the 2 review components could be updated.
Status For Review Item(pcyr-AFX Connector)=Failure
(Specified review component does not exist. Specified review component does not exist.)
Status For Review (pcyr-Misc)=Failure
(The review component is already in the same state as being updated. )
This is a known issue reported in engineering ticket ACM-101501.
This issue is resolved in the following RSA Identity Governance & Lifecycle patch levels:
RSA Identity Governance & Lifecycle 7.1.1 P07
RSA Identity Governance & Lifecycle 7.2.0 P01
The fix is to add a tag to the updateReviewItems Web Service call for Account name:
<RevieweeAccount name = "value" business-source="value"/>