Fixed Issues in 7.1 Patch 1

Document created by RSA Information Design and Development Employee on Aug 14, 2019Last modified by RSA Information Design and Development Employee on Nov 21, 2019
Version 5Show Document
  • View in full screen mode

The following issues were fixed in RSA Identity Governance and Lifecycle version 7.1 Patch 1.

Access Certification

                                   

Issue

Description

SF-1044154
SF-1027351

ACM-82969

Change Requests in Open status without a workflow ID defaulted to the Explicit Access workflow after restarting the application.

SF-839034

ACM-66789

A review opened through an email link, then canceled, opened a null page after confirmation instead of the home page.

SF-855955

ACM-68187

Comments for review items could not be applied as part of a bulk update.

SF-1120715

ACM-84607

The email link to view a role review opened to an error page.

SF-1008666
SF-1027715

ACM-79783

Non-existent access to a group appeared for users in a User Access Review.

SF-597513

ACM-51149

Multiple Account Review attributes did not properly translate to other languages.

Access Requests

                                                       

Issue

Description

SF-964684

ACM-76816

Access Requests with violations could be submitted by requestors when the filter was defined with more than one role attribute.

SF-1021090

ACM-78198

Approval nodes assigned access requests to out-of-office supervisors if those supervisors were part of the approval workflow at another level.

SF-1102047

ACM-83563

Custom attribute value lists degraded the performance of rendering the User Access pages.

SF-01110863

ACM-84248

Attributes with “on” and no date caused an exception error during the display of the milestone on the Change Request Detail page.

SF-1066622

ACM-83225

An error occurred identifying the application name in a change request when the application had a Directory For Accounts setting.

SF-1122693

ACM-84601

A pending change request with a large number of new accounts could cause a cleanup issue when restarting.

SF-1098397

ACM-83297

A Review query was not optimized for large datasets and used too much database memory.

SF-818651

ACM-64918

Business Sources excluded from Add Access and Suggestions were visible under Requests > Create Requests > Add Access, but their entitlements could not be requested.

SF-1042229
SF-1122224

ACM-80274

The manual activity assignment link became disabled after a few hours if dynamic groups or roles were in use.

SF-1103472

ACM-84436

AFX logs were not filtered as relevant to a request.

SF-1133285

ACM-85099

When a web service was assigned for a request, an error occurred when clicking on the default form under "Additional Information".

Account Management

                   

Issue

Description

SF-837790
SF-694892
SF-828508
SF-1044336

ACM-78326

An account template configured with additional account parameters failed to add those parameters to a created account.

SF-1104583

ACM-84929

Imported mapping that had been deleted and recollected from the account data collector source would create duplicate mapping.

Application Wizards

               

Issue

Description

SF-839184

ACM-67710

The Users count under Applications > General did not update after importing or updating the mapping.

Change Requests and Workflows

                                                                       

Issue

Description

SF-1053443

ACM-83569

If Enable Email Reply Processing was unchecked and saved, then related options were not properly hidden.

SF-1101627

ACM-83545

A Delete Account change request could be marked as complete but still show a status of "Pending Action".

SF-1069608

ACM-81876

Manual Request Additional Info escalations could prevent an automatic Reassign to Supervisor escalation from running as expected.

SF-1104201

ACM-83552

The save button did not function properly when a resource, escalation, job variable, or webservice response was added, edited, or deleted.

SF-1022154

ACM-78550

A Change request generated using an unowned group and an owned group would incorrectly assign all of the change request items to the second group’s owner for approval.

SF-4036115

ACM-82463

When generating a change request with users who had outstanding change requests, the generated change request incorrectly excluded any users who did not have an outstanding change request.

SF-1098925

ACM-83236

Imported legacy workflows created before version 7.0.1 had a legacy value not handled by the new architect editor.

SF-1110903

ACM-84016

The Provisioning Command node did not display job variables in the node properties.

SF-1118999
SF-1119764

ACM-84554
ACM-84218

A user access request with multiple entitlement changes did not reliably create account change items for adding entitlements depending on the order of selected actions.

SF-1143477

ACM-85731

After an upgrade, transition were not displayed in processing workflows that were created in the previous product version.

SF-684868

ACM-55740

After completing an activity, users could see all completed activity on the By Entitlement tab instead of just their own.

SF-1077691

ACM-81947

An exception error occurred when evaluating fulfillments with dynamic roles and group resources.

SF-1040676

ACM-79305

An entire change request would be rejected at the fulfillment phase if it had an entitlement deleted by a partial rejection in the approval phase.

SF-867542

ACM-74045

Activity nodes in a workflow were skipped if AFX fulfillment came back as Completed.

SF-1116690

ACM-85129

SOAP and REST web service nodes could not be exited if the code window was expanded.

Collector

                           

Issue

Description

SF-1110276

ACM-83742

Collection failed when the internal data file was larger than 2.15 gigabytes.

SF-953019
SF-1094710

ACM-74103

A line break character in search filters caused the test collection to fail for the LDAP collector.

SF-964259

ACM-75432

A custom string attribute used for collection did not collect the LastLogonTimestamp attribute as expected.

SF-1039961
SF-1112908

ACM-84256

The Salesforce collector did not collect LastLoginDate as expected due to an invalid date format error.

Connector

                   
IssueDescription

SF-1111150

ACM-84090

After an upgrade, attribute synchronization on the AD connector applied the attribute_sync prefix to non-empty & non-account variables, which updated values not required as well.

SF-976731

ACM-79126

Account template parameters did not correctly expand variables in password type attribute fields.

Dashboard

               

Issue

Description

SF-1032894

ACM-80335

Dashboard links containing a query parameter that included a bind variable did not return the expected results.

Data Collection Processing and Management

                                                                                       

Issue

Description

SF-1088219

ACM-82998

The IDC User Interface did not show whether the IDC required a Full Refresh.

SF-1104583

ACM-83603

Pending User Account mapping and subsequent local mapping were removed every time the ADC ran collection.

SF-1100515

ACM-83254

A collection that failed on the circuit breaker update did not remove the green check mark from the Last Successful Collection Date field.

SF-1063378

ACM-82700

After unmapping users from the accounts, the users sometimes erroneously retained access.

SF-1100498

ACM-83252

Procedures to purge older raw datasets caused circuit breaker failures when they erroneously purged raw datasets for collectors queued for processing.

ACM-53235

Internal data files such as STX tables and temporary data files in the server/default/deploy/aveksa.ear/aveksa.war/WEB-INF/AveksaDataDir directory were not removed as expected if the "Remove Internal Data Files After Upload" option was set to Yes.

SF-1068551
SF-930028

ACM-83338
ACM-73635

For users making role changes, role data collection would sometimes cause deadlocks due to database-stored procedures making unnecessary row updates to roles, even when they were not changed.

SF-596501
SF-714442
SF-820106

ACM-50485

Collection fails with an unclear error message when the collection source contains a special character that cannot be parsed.

SF-1115169

ACM-84129

Starting a unification run with migrated user records from before 7.x failed with "ORA-30926: unable to get a stable set of rows in the source tables" in 7.0.2 p2.

SF-1121551
SF-1128128

ACM-84547
ACM-84928

Unifying data with duplicate values caused failed collections with the message "ORA-30926: unable to get a stable set of rows in the source tables".

SF-1103183

ACM-84750

The "Who Has Access" tab for Data Resources was not populated after a long-running data collection by the primary DAC that was misidentified as secondary.

SF-1059311

ACM-83235

The DAG collector stalled after pre-processing a large data validation query.

SF-988361

ACM-83488

The account and entitlement data collectors did not collect user attributes CAS6 through CAS10 for indirect group entitlements.

SF-1133387

ACM-85100

The account and entitlement data collectors did not collect CAS user attributes in the correct order and could not properly assign the value of CAS10 as a result.

SF-1101593

ACM-83516

Unifications could fail due to improper clean-up of the tables used for prior data collections.

SF-1131773

ACM-85098

Unification sometimes assigned a deletion date for users that prevented them from logging in.

SF-1097757
SF-1119006
SF-1042848
SF-1042140
SF-1114071
SF-1126989
SF-1077894

ACM-85534

Temporary STX tables were left behind if the circuit breaker was triggered.
ACM-85488User access to data resources could not be reviewed if assigned only through a group that was not properly tagged after data collection.

SF-1058100

ACM-80563

When a user was moved from one IDC to another, unification terminated the original user and created a duplicate user.

Database Management/Performance

                       

Issue

Description

SF-01123301

ACM-84609

Data archiving had a processing failure.

SF-1164598

ACM-86987

The database slowed, reported multiple errors, and then used up all resources when conducting bulk reviews on thousands of items.
  

Email

                           
IssueDescription

SF-1067879
SF-1069696
SF-1134843

ACM-81341

If the special character % was in the e-mail content, then the email could not be generated.

SF-1039470

ACM-79253

Emails generated for exported reports incorrectly capitalized the report file extension.

SF-1101300

ACM-83537

Reports exported to an Excel spreadsheet did not restore a previously deleted temporary folder and, as a result, returned blank rows instead of the expected data.

SF-1086751

ACM-83216

Email processing failed and displayed the error "Wrong user replied" for approvals sent to dynamically assigned approvers in a role.

Installer

                                       
IssueDescription

SF-970037
SF-1108073

ACM-76001

Aveksa.ear contained duplicate files that caused zip errors during deployment.

SF-1137353
SF-1142351
SF-1138013

ACM-85438

The installer checked for unneeded packages and caused installation in a WildFly environment to fail.

SF-1115317

ACM-84107

A typo appeared in the installOracle.sh script.

SF-1129043
SF-1139113
SF-1136656

ACM-85437

Installation or upgrade on Red Hat 6.5 and 6.8 failed when IPv6 was disabled.

SF-942673

ACM-73935

The installation or upgrade process would get stuck when one or more required install packages were missing.

SF-1130896
SF-1139955
SF-1150455

ACM-85021

The aveksaWFArchitect.ear file could not be deployed on WebLogic 12.2.1.3.0 due to a conflict in the Java Spring-Boot library.

SF-1150455
SF-1176964

ACM-86894

A schema could not be created or migrated when using non-default tablespace names.

Password Management

                   

Issue

Description

SF-924320

ACM-73375

The View Password URL could not be correctly configured through the User Interface.

SF-1069908

ACM-81479

Password validation did not work consistently from the user interface and from an external password reset link.

Reports

                                       

Issue

Description

SF-1043556

ACM-81849

The / character in a report file name created a report schedule that failed if the option to send attachments was enabled.

SF-1004352

ACM-79058

A new chart could not be created with the same name as an existing tabular report.

SF-826817

ACM-67195

Reports exported using the .xls file extension were not properly formatted.

SF-767212
SF-824328

ACM-60522

After upgrading, reports containing Cyrillic characters still did not display correctly when exported as .xls or .csv filetypes.

SF-838887

ACM-71716

The report template "Entitlement Review Item Details by Reviewer" did not display the custom review state.

SF-01143644

ACM-85658

The order of the list columns available in the Report Column tab changed randomly.

SF-647482

ACM-52763

Imported Custom Report templates copied unnecessary attributes that caused errors.

Request Forms

                                                   

Issue

Description

SF-1025815

ACM-82420

The validation URL did not work for the "Drop Down Select from Web Service" control type.

SF-1084223

ACM-82486

The form tooltip for tables did not display when added to a question.

SF-1059905

ACM-82742

A question with a multi-select drop-down control did not trigger a display condition tied to selecting a drop-down option unless the same condition was also assigned to a secondary control.

SF-992540

ACM-76461

Forms did not display terminated users when a custom form or form list was opened by a request button action.

SF-1065124

ACM-81155

On request and approval forms, when using a submission question with a Select Drop Down list, only the first value was used.

SF-792046

ACM-65018

Non-visual entitlement tables were displayed on a submitted request form.

SF-1112926

ACM-85657

Out-of-the-box Application Business Source attributes returned null values when called through variables in request forms.

SF-931948

ACM-74069

An entitlement table field on an existing request form with a "Show child entitlements of" attribute did not retain its value when copied to a new request form.

SF-1013039

ACM-77523

An option in a Drop Down Select control could not be deleted if the user put single quotation marks around the value.

SF-1086944

ACM-83740

Multiple entitlement tables that used Display conditions, Enable conditions, and Form variables in their entitlement rules sometimes displayed improperly.

Role Management

                                               

Issue

Description

SF-1069369

ACM-81602

The user interface for coarse-grained role reviews provided options to remove or edit members and entitlements, even though coarse-grained role reviews are intended for high-level review and not to make individual changes.

SF-817316
SF-844023

ACM-65297

Custom attributes created with the same name but assigned to different entitlement types appeared identical and did not work correctly when setting an entitlement rule in a role set.

SF-1112926

ACM-85657

Out-of-the-box Application Business Source attributes returned null values when called through variables in request forms.

SF-1149895
SF-1083679
SF-1123786

ACM-86112
ACM-83273

Fixes to the role set persistence of a role caused problems with entitlements when there were role set changes.

SF-1142958

ACM-85634

A Null pointer exception error occurred when creating a new role while logged in as the business role owner of a role set.

SF-1089845
SF-1132001

ACM-84396

Cascaded roles were missing to be added as entitlements while creating a change request from the Role Missing Entitlements rule execution.

SF-1078256

ACM-82957

After importing a modified XML file of existing global roles, the Long Description was not updated.

SF-839546

ACM-66820

A new role with no members or entitlements did not appear in search results when the search filter was set with the member or entitlement count as zero.

SF-963152

ACM-63734
ACM-75430

Collected roles that were exported did not fully import when imported into same environment.

Rules

                                                       
IssueDescription

SF-1052613

ACM-84945

When the Attribute Change rule for Managed Attributes used the "Set to old value of" argument, the rule sometimes failed to set values after the first user matched by the rule.

SF-1120488

ACM-84536

During access request creation, when a user views the Accounts selection screen and then goes back to the previous screens to make changes, violations by the new changes were sometimes not displayed.

SF-1127651

ACM-84810

Out-of-the-box workflow form controls were listed in the Violation Remediation node that did not work for the node.

SF-1114903

ACM-83574

Changing the User Access/Separation of Duty Rule definition closed some violations but left their remediation workflows active.
ACM-83212New violations could incorrectly be added to existing remediation workflows, when a new workflow was necessary.

SF-1105975

ACM-83937

The number of violations did not appear correctly in the status column.

SF-1057748
SF-1125122

ACM-84105

The user interface did not display violations that were not in sync with the remediation workflow to remediators.

SF-1125118

ACM-84592

A rule violation remained in Pending Revocation status after rejection of a corresponding change request item.

SF-1101217

ACM-83760

An Out of Memory error occurred while processing a large number of Role Membership Rule Difference rules.

SF-1095861

ACM-83120

When a change request was created by a role change, decision Nodes ignored the "Contains at least one violation" condition.

SF-1025263
SF-1026091
SF-1073300
SF-1126913

ACM-78589

Change requests created by an unauthorized change detection rule identified the wrong user in the details.

Security

               

Issue

Description

SF-1095483

ACM-84155

Applied security fixes for workflow editor properties.

Server Core

               

Issue

Description

SF-903632

ACM-71675

A domain controller node in a hardware appliance with a local database could not stop, start, restart, or status-check the database using the aveksa_cluster script.

User Interface

                                                       

Issue

Description

SF-596472

ACM-51112

When editing review definitions, the Allow Expiration and Comments are Required checkboxes were cleared if the user switched tabs.

SF-843449
SF-931419
SF-932453

ACM-67243

Logging out led to a blank screen if confirmations for logging out were disabled.

SF-791436

ACM-62724

After adjusting table options, some columns did not display as configured when switching from a Group review result to a User review result.

SF-1001038

ACM-77791

The Max Users Per Change Request setting in Access Configuration disappeared from the Settings tab if not assigned a value.

SF-1086944

ACM-85029

Performance issues occurred on the General tab of a role set after applying entitlement and membership rules.

SF-884453
SF-884449
SF-936962
SF-982809
SF-1084195

ACM-73706

Heartbeats, which help to avoid server timeouts when using forms and the Architect workflow editor, generated benign errors in the server log.

SF-1127021
SF-1149655
SF-1152703
SF-1149987

ACM-85554

Changes in the customerstrings.properties file were not saved after an application server restart.

SF-620510

ACM-52883

Underscores and spaces incorrectly replaced Hebrew characters in the user interface.

SF-1110294

ACM-85141

The unique_ID attribute was not displayed on the summary page after changing the language under user options.

SF-1104724

ACM-84228

Extended user attributes were not displayed on the summary page after changing the language under user options.

SF-967960

ACM-76184
ACM-76185

Attributes did not display when searching in the Business Units or Application list.

Web Services

               
IssueDescription

SF-1035349

ACM-81967

Web service requests did not show affected users.

Attachments

    Outcomes