What problem are you observing?
You create a certification campaign (to review Access Items), for “All access Items returned by a Query” (owner.email:username@*), and select “Certify All Identities”. The system can’t find any identities and won’t inform you about that either.
What is the correct behavior?
If I certify N access profiles (and the system can find them using the provided query), I expect that all identities that have those access profiles to be included in the certification campaign when I select “Certify All Identities”.
What product feature is this related to?
ISC Certification Campaigns
What are the steps to reproduce the issue?
-
Go to /ui/search/library/certifications/overview
-
Select New Campaign
-
Select Access Items
-
Select All Access Items Returned by a Query
-
Use this query (replace
usernamewith a valid/existing e-mail username):owner.email:username@* -
Search for it
-
Select “Certify Access”
-
Chose Refine identities
-
Notice that no identities are present
-
Go back and select Certify All Identities, notice that there is no error that identities are not found
-
If you want, generate the campaign and test it completely
Do you have any other information about your environment that may help?
No.
Explanation
When we use the query owner.email:username@* it finds the access profiles.
When we select Specific Access Items that I Select, it currently uses the specific IDs of the access profiles to find the corresponding identities.
But if we select All access items returned by a query, it uses such a filter to try to find the identities: @access(owner.email:username@*)
This query doesn’t work, as owner.email is not supported.
