Observed rights issues when configuring Clarity grant/revoke/transfer actions using business rules, where the previous user retains a revoked right. Following recent rights assignment changes made by the Clarity administrator to Business Rule the rule does not remove the "Resource - Approve Time" right.

Following research and testing, and in discussion with Product Management, we've confirmed that the system is functioning as designed. It's important to note that the updated rule does not account for previous right assignments. Therefore, if a right such as "Resource - Approve Time" was removed in a specific scenario, it is expected to remain assigned, and the previous user will retain that revoked right. Consequently, any rights that were previously assigned through a working rule will require manual removal. The current design necessitates some manual intervention. Grant and Revoke actions can exist in single or separate rules within the same blueprint, provided the rights granted are identical. Regarding rights removal, you can identify resources that still retain the "Resource - Approve Time" right after the business rule updates by running a query similar to: select s.id, s.group_name, s.description,v.name,v.lookup_code, u.user_name, u.first_name, u.last_name FROM cmn_sec_groups_v s,cmn_lic_lookup_v v,cmn_sec_users u,cmn_lic_right_v r WHERE s.id in ( SELECT right_id FROM cmn_lic_users_v WHERE user_id=5016000) AND v.lookup_code=r.lic_right_type AND s.id = r.id AND v.language_code='en' AND s.language_code='en' AND u.id=5016000

It is generally recommended to remove these rights via the UI only. This feature is new and its future evolution into a more robust solution remains to be seen.