000037713 - Entitlement Views show zero items in RSA Identity Governance & Lifecycle after installing a 7.1.x patch

Document created by RSA Customer Support Employee on Jul 16, 2019Last modified by RSA Customer Support Employee on Sep 10, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000037713
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.1.1

IssueAfter upgrading RSA Identity Governance & Lifecycle 7.1.1 GA to 7.1.1 P01/P02 or upgrading to a patched version of 7.0.2, all entitlement views that previously displayed entitlements now show zero entitlements (items). 

User-added image

The following error can be seen in the aveksaServer.log:

07/11/2019 15:31:04.494 WARN  (default task-4) [org.hibernate.engine.jdbc.spi.SqlExceptionHelper]
SQL Error: 904, SQLState: 42000
07/11/2019 15:31:04.496 ERROR (default task-4) [org.hibernate.engine.jdbc.spi.SqlExceptionHelper]
ORA-00904: "APP"."TECHNICAL_OWNER_NAME": invalid identifier

Please refer to article 000030327 - Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the log files for your specific deployment.
CauseThis issue occurs when there is a custom attribute defined for a Group or Application Role or Role and if the Attribute Name is Technical Owner, Business Owner, or Exception Manager. This is a known issue reported in ACM-98888. 

In the example below, note the user Attribute Name Technical Owner defined as an Application Role attribute:
User-added image
ResolutionThis issue is resolved in the following RSA Identity Governance & Lifecycle patches:
  • RSA Identity Governance & Lifecycle 7.1.0 P09
  • RSA Identity Governance & Lifecycle 7.1.1 P03
A workaround is to rename all occurrences of the attribute names wherever they are defined (group, application role, role):

  • Change Technical Owner to Technical Owner Name
  • Change Business Owner to Business Owner Name
  • Change Exception Manager to Exception Manager Name
In the following example, the Attribute Name Technical Owner is changed to Technical Owner Name.

In the RSA Identity Governance & Lifecycle user interface,
  1. Go to Admin > Attributes > [Edit the Attribute Name Technical Owner and modify to Technical Owner Name ] > Click OK.
  2. You will get a Java exception error that may be safely ignored. To bypass the error, cancel out of the attribute editor and the change will be saved.

User-added image

  1. Now the entitlement view shows the expected list of entitlements (items):

User-added image

NOTE: You will not be able to filter on Technical Owner Name in certain scenarios. For example, the following screenshot is from a User Access Rule Definition. The error is similar to the Java exception error mentioned above, but this change cannot be saved.
User-added image