When adding new members to existing Active Directory (AD) groups and syncing the users in VMware Identity Manager 3.3.7, users may experience a delay of up to 5 minutes before their assigned permissions are reflected in VMware Aria Automation 8.18.x (formerly vRealize Automation).

During this window, the user may receive an error or fail to see resources associated with the new group membership, even if the directory sync between AD and VMware Identity Manager (vIDM) has completed successfully.

Aria Automation 8.18.x

VMware Identity Manager 3.3.7

This behavior is caused by the Identity Service in Aria Automation, which maintains an in-process cache of the vIDM group membership. This cache is designed to reduce the load on the vIDM appliance and improve overall response latency.

By default, the Identity Service may continue to serve previously cached (pre-sync) group membership data for up to 5 minutes.