In an Account Discovery job, if multiple rules exist and more than one rule can match the same account, which rule settings would apply to that matched account?
For example:
Rule1: Find all accounts that are members of the local "Administrators" group and assign the password profile A
Rule2: Find the account named "Administrator" and assign it the password profile B
In this scenario, the account "Administrator" will be matched by both (rules 1 because its a member of the group "Administrators") and (by rule 2 because the name matches), while profile would apply to the account in this case?
Starting with SPP version 6.8, the Account Discovery Rules are processed from top to bottom in the order of the rule creation.
Rule1 was created first and therefore is processed first to discover all accounts that are members of the "Administrators" group in this example and these accounts will get assigned password profile A
However, since the rule 2 conflicts with rule 1 where it also matches the account "Administrator" then this account will get assigned profile B as it is the last processed rule that matches this specific account.
Therefore, In a case where an account matches 2 rules, the latter rule will apply to that account.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center