Fixed Issues

Document created by RSA Information Design and Development Employee on Dec 12, 2019Last modified by RSA Information Design and Development Employee on Aug 20, 2020
Version 11Show Document
  • View in full screen mode

The following issues were fixed in RSA Identity Governance and Lifecycle version 7.2.

Access Certification

                                                                                                                                                       

Issue

Description

ACM-96153

SF-1332517

After the scheduled run time for a review was changed, the task was duplicated in the memory and the review was run multiple times.

SF-1322438

ACM-95464

Review escalations scheduled to run before or after the review due date were not triggered when either the escalation was scheduled after the review due date had passed or when the application was down during the due date.

SF-1261298

ACM-94057

When a role containing app-roles was deleted in a role review, change items to remove the app-roles were not generated.

SF-1274991

ACM-92885

The user interface took a long time to load certain tabs in reviews that had large data sets.

SF-1215357

ACM-89832

Users were able to schedule reviews and collectors using a past date.

SF-1325510

ACM-95533

Multi-step review generation failed when secondary step definitions enabled the user selection option "By selecting supervisors and using their subordinate users.”

SF-1292722
SF-1310682

ACM-94322

A review with a value for SIGN_OFF_ENABLED other than Y or N caused a server startup failure.

SF-968449

ACM-76811

In a review definition that already had a coverage file that determined the monitors, if the definition was edited to deselect the coverage file option, the earlier coverage file was still saved with the review definition despite being displayed as unselected in the user interface.

SF-1284174
SF-1268046

ACM-95654

An SQL error occurred when changing a review state to complete.

SF-1382502

ACM-98334

The reassign action in the review user interface took longer than expected.

SF-1255036

ACM-91744

Review analysis failed with the ORA-01706 error.

SF-1400318

ACM-99052

The review monitor/owner interface loaded slowly, even when no table data was displayed.

ACM-99046

Clarification was required on the review definition user interface to indicate that user selection is not used for rule actions.

SF-1415644

ACM-99914

Escalation workflows erroneously allowed the assignment of reviews to deleted supervisors.

SF-1395553

ACM-98860

In an environment using AFX, when deleting review results that had the "Delete pending change requests" option selected, the "ORA-02292: integrity constraint violated" error occurred.

SF-1284145

ACM-93466

Group review definitions erroneously displayed the Include Users option.

SF-1315720

ACM-95128

A role review caused changes in the review state even when all review items were maintained.

SF-1397681
SF-1395088

ACM-98952
ACM-98950

The By Monitor tab for group and role reviews showed incorrect display names.

SF-1373306

ACM-98532

Account Review Change Preview tab did not download content when exporting the table.

SF-1454043

ACM-101533
ACM-101507

Completed Review Escalation Tasks and RefreshReview tasks were erroneously listed in the schedule information under AdminMonitoringSchedule Information.

SF-1451847

ACM-101388

Coverage files were erroneously not applied to review items associated with deleted objects.

SF-1385200

ACM-98887

Inefficient SQL statements were called with every move through the tabs of the Role screen.

SF-1355180

ACM-98148

The EmailByMonitor message type did not consider the configured columns in the review. Instead, it had only considered the hard-coded columns.

SF-1372625

ACM-97914

When performing review analysis, the ORA-30926 error could be generated when calculating unchanged review items because of the incorrect join that compared old review items to items in the current review.

SF-1383316

ACM-98384

Account reviews that filtered accounts and groups could experience poor performance during review generation.

SF-1485254

ACM-102392

A blocking session could occur as a result of the ORA-30926 error in the RULE_FUNCTIONS package in certain circumstances when a reviewer approved exceptional access for a user.

SF-1432487
SF-1413795

ACM-100615
ACM-99694

Custom Attribute placeholders were not properly allocated and propagated for Review components and Rule Violations.

SF-1478947

ACM-102238

In user access violation reviews, comments were always required for the revoke state even when the "Comments are required" option was not selected in the review definition.

SF-1469419

ACM-101995

Delegation from the user interface created duplicate coverage entries resulting in reviewers seeing the same review item twice.

SF-1481931

ACM-102302

Violations for terminated or deleted users were erroneously unassigned in the User Access Violation Review.

SF-1379553

ACM-98675

Filtering on the Account User column in account reviews threw an IndexOutOfBound error when the accounts in review had changed from one of orphaned, single user, or shared to another during collections that occurred after the review is generated.

SF-1443568
SF-1279723

ACM-93656
ACM-101051

A role review could not be completed if the role had a parent, due to review generation incorrectly adding the parent role as a sub role.

SF-1474519

ACM-102154

When exceptional access granted from a violation review expired while the same review was still active, the violating entitlements were no longer excepted, and the remediator was unable to re-grant exceptional access.

SF-1196476

ACM-88715

The new reviewer interface has been optimized to perform better in Internet Explorer 11. Previous browser memory issues experienced when selecting multiple reviews has been resolved.

SF-1359181

ACM-97300

Duplicate role memberships caused the following error when running a user access review: "ORA-20126: The creation of reviews failed. Stored Procedure:Parse_Roles_In_User_Review execution aborted. ORA-01427: single-row subquery returns more than one row".

Access Requests

                                                                                               

Issue

Description

SF-1286545

ACM-93599

A "Remove account to group" change request from a webservice did not set the affected users in the request information.

SF-1299740

ACM-94324

Change requests to remove a user from a group that were generated by a Group review did not complete if the fulfillment workflow was configured to “Create a Job per group.”

SF-1264368
SF-1249082

ACM-93112

Optimized statements for Change Requests involved with determining missing or extra indirect entitlements.

SF-964505

ACM-74785

When a user is granted the same entitlement through both a role and an account and the account is deleted from the user, an error occurs when the role is later deleted from the user.

SF-1316456

ACM-96218

Pre-processing for unauthorized change detection failed with the ORA-06402: PL/SQL: numeric or value error.

SF-1343435

ACM-96760

Subject of email incorrectly contained HTML markup.

SF-1324409

ACM-97577

When users clicked a link to a change request in an email, after logging in, they were redirected to the home page instead of the change request.

SF-1323250

ACM-97156

The Revert Completed Changes option was missing from the cancellation pop-up when canceling a change request, even though completed items existed.

SF-1396177

ACM-98900

When multiple sessions changed role-related items, such as users or entitlements, deadlocks could occur when refreshing role metrics, which interrupted processing.

SF-1374516

ACM-98212

A change request in the Pending Submission state could not be canceled from the user interface when 'Allow Cancel in Fulfillment Phase' was set to false in the workflow.

SF-1332855

ACM-98331

AFX incorrectly indicated a failure after removing entitlements from deleted accounts in SAP.

SF-1341142

ACM-96663

Passwords and encrypted fields with a value starting with the characters "ENC" failed with the following error: "java.lang.IllegalStateException: An issue with handling encryption was encountered".

 

ACM-89679

If a user closed the browser or navigated away from the page using any function other than the cancel or back buttons, entries for pending accounts were left in T_AV_ACCOUNTS.

SF-1162529

ACM-87884

The request button type Add/Remove Using Request Sources did not have an option for including terminated users.

SF-1277795

ACM-95117

Local entitlements were not provisioned to the user when given through an account or when the directory for accounts was set in an application.

SF-1211444

ACM-89746

The Workflow Architect failed to load when using SSO because the double slash // in the URL caused issues with some web agents.

SF-1398246

ACM-98991

Refreshing any review data other than business descriptions resulted in coverage information automatically refreshing, even when the option to refresh coverage was not selected.

SF-1259341

ACM-95270

Under RequestActivities > By Entitlement and ApprovalsBy Entitlement, table columns either were not properly displayed or displayed incorrect data from other attributes.

SF-1499545

ACM-102679

When multiple roles exist with the same raw name due to deleted roles, creating a change request for that role failed because the system selected a deleted role entry instead of the active entry.

SF-1423357

ACM-100749

In a change request, the role name is displayed inconsistently, at times using the role raw name.

SF-1490087

ACM-102516

Some Role Names were unexpectedly changed to Role Raw Names without a change request.

ACM Security Model

               

Issue

Description

SF-1224247

ACM-90477

Account information on the MAEDC wizard was not displayed as expected to users authorized to edit or administer the MAEDC.

Account Management

                           

Issue

Description

SF-1302083

ACM-94348

When saving the data from an application accounts table as a CSV file, the column name "Is Deleted" was displayed in the CSV output along with HTML code for an unneeded special character.

SF-1373606
SF-1377093

ACM-99457
ACM-99353

Duplicate accounts were created when a pending account was created with the same name but different capitalization as another account in a case-insensitive ADC. The next time the accounts were collected for the case-insensitive ADC, the pending account’s name is updated to match the capitalization, which caused duplicate accounts in the system. The system will now take an ADC's case-sensitivity into consideration and result in an error when necessary.

SF-1301058

ACM-94501

When generating a request, if a resolved pending account name already existed but was deleted, the reactivated account was not updated for all of the change items that depend on the pending account.

SF-1354678

ACM-97131

Account creation change requests could fail when the account parameter was mapped with attributes of more than one type, because the code failed to group them based on the type.

Admin Errors

               

Issue

Description

SF-1265089

ACM-92855

The Account Load Data error was not listed for available types in the properties of a Create Admin Error workflow node.

AFX

                                                                           

Issue

Description

SF-1297770

ACM-94271

When the database suddenly went down or was unable to connect to AFX, AFX stopped running until the AFX service was restarted.

SF-1169677

ACM-87391

In a clustered environment, afx start incorrectly checked for the application running in standalone mode.

SF-1240999

ACM-91585

Improved error messages with regards to connector configuration.

SF-1033350
SF-1193133

ACM-87007

AFX requests were getting stuck after upgrading to 7.x.x with the error "Error handling AFX primary request java.lang.NullPointerException", due to the schema change.

SF-1368720

ACM-98673

A provisioning command node stalled the workflow if the AFX request was in an invalid state.

SF-1363199

ACM-97530

Unable to update the implementation JAR in a Java code based connector after migrating from 6.9.1 to 7.1.0 due to a due to a JAR-type mismatch.

SF-1381197

ACM-98389

The AFX RESTful web service failed to process responses when the response body was empty.

SF-1300643

ACM-94655

On a request form, when a form field was mapped to a provisioning parameter that contained encrypted values, the form did not properly substitute the correct value when generating the request.

SF-1304327
SF-1395022
SF-1271598
SF-1353050

ACM-94413
ACM-92673

Hardened communication between AFX server and ActiveMQ JMX interface.

SF-873061

ACM-53444

AFX logs reported that headers were not being used in JMS Message-compliant way.

SF-1416609

ACM-100119

Parameters in provisioning with a value starting with the characters “ENC” failed with the following error: "java.lang.IllegalStateException: An issue with handling encryption was encountered".

SF-1191999

ACM-93039

Output parameters were not resolved when DN suffix mapping was used for account creation.

SF-1341660

ACM-96646

The ISIM 6.0 connector timed out when testing the connector, and Test Connector Capabilities indicated a "class not found" error.

SF-1436291

ACM-101311

Removed unnecessary directories from AFX that contained demo and example files.

SF-1311774

ACM-94925

Standalone AFX installation failed to start because of the missing file /etc/aveksa.conf. Because this file is only required when AFX is installed in a WildFly application server, this requirement has been removed.

SF-1110258

ACM-87246

If the database goes down and causes AFX to require a restart, the logs do not display the correct reason for the AFX going down.

Attribute Synchronization

               

Issue

Description

SF-944325

ACM-74170

Attribute synchronization change requests resulted in inconsistent updates in Active Directory. Now, when attribute synchronization requests are automatically fulfilled and missing mapped attributes for required command parameters, the system uses the last collected attribute values from the account.

Authentication

                   

Issue

Description

SF-1309424

ACM-94936

PV_AUDIT_EVENTS erroneously displayed logged users as AveksaAdmin instead of the user logged in through SSO.

SF-1329501

ACM-95778

When multiple SSO User Headers authentication sources were configured, an authentication source was randomly picked without verifying the authentication source name during authentication.

Change Requests and Workflows

                                                                                                                                               

Issue

Description

SF-1266678

ACM-93462

The "Assign to" list incorrectly showed as an option for Resource Selection.

SF-1277724

ACM-92992
ACM-92993

The REST Node POST request body mandated XML code that was not required.

SF-1281281

ACM-93288

Changes to customerstrings.properties did not reflect in the change request milestone display.

SF-1275666
SF-1181059

ACM-95849

The workflow setting "Show job level variables" did not work as expected.

SF-1293434

ACM-95053

In a fulfillment workflow, REST nodes did not display job variables as expected.

SF-1311025

ACM-94899

A change request was canceled when an approver approved an indirect role that was deleted.

SF-1396080

ACM-99600

In the Workflow Architect, the node editor displayed a role's raw name in the Resources panel of the node editor, but the Resource drop-down menu in the dialog displayed the role's alt name.

SF-1346399

ACM-98948

Email-based rejection of approvals did not cancel all remaining tasks, resulting in inconsistent behavior compared to UI-based approval rejection.

SF-1416746

ACM-99841

When changing the state of a change request item, the indirect items for that change request did not always have their states changed.

SF-1396244

ACM-98904

When a change request workflow contained a decision that used the filter "Contains at least one violation", the change request did not go to the True transition when expected.

SF-1323017

ACM-95472

In a change request with an approval phase that contained two approval activity notes configured to send an email to the approvers, an email was sent only to the first reviewer and not the second.

SF-1426513

ACM-100295

In a workflow that is configured to group by business source, password resets skipped the workflow and the change request workflow completed with the item still in Pending Action status.

SF-1414918

ACM-99719

Approval workflows randomly ran simultaneously in a change request.

SF-1405274

ACM-99718

When entitlements were grouped by category, auto-approve did not work as expected.

SF-1320224

ACM-95340

Unable to hide the attachments in change requests.

SF-1277646

ACM-93113

Parallel Phase Nodes duplicated workflow and fulfillment jobs because of concurrency errors.

SF-1317500

ACM-95367

After attempting to remove the Edit and Cancel buttons for change requests by deselecting options to Edit and Cancel within the request workflow, the buttons were still visible and actionable in certain circumstances.

SF-1322920

ACM-95537

When change requests were split based on the Max Items settings, the generated requests did not have a set fulfillment date.

SF-1379276

ACM-98244

After upgrading to 7.1.1, tables in email nodes in workflows were malformed.

SF-1366953

ACM-98397

The error "RSA002: Invalid Configuration" was displayed during workflow runtime for a REST node, even though the node was successful.

SF-1372602

ACM-98859

Reassign Escalation Workflow and Technical Approval nodes changed the watch Workflow ID to the escalation Workflow ID.

SF-1461377

ACM-101694

An access request generated thousands of unrelated activities when a call to filter change request items for a subprocess returned an empty list. Now, if this occurs, an exception occurs and an error message is displayed for user interface operations. For operations that are not performed through the UI, the processing will go to the Error state.

SF-1445481

ACM-101508

A pending change item with the type Container was erroneously displayed in the User Changes table.

SF-1436645

ACM-100872

A user could submit a change request with a pending submission from the Additional Information submission screen. This fix disables the Finish and Next buttons in this use case.

SF-1429237

ACM-100448

AdminWorkflowMonitoring did not update the Pending Verification (Count) icon when the number of pending verification items changed.

SF-1211444

ACM-89746

The Workflow Architect failed to load when using SSO because the double slash // in the URL caused issues with some web agents.

SF-1302839

ACM-96673

Could not open workflows because the URL contained a double slash //.

SF-1344121

ACM-97053

Variables were not populated in emails for account review change requests when revoking an account from a group.

SF-1391209

ACM-98951

In the out-of-the-box Reassign to Supervisor node, the Comments field was missing from the Resource sections.

SF-1459859

ACM-101767

Workflow emails removed hyperlinks upon saving if they contained variables.

SF-1220303

ACM-90557

When workflow change grouping was set to "Create an individual job for each change", the list was limited to 100 change items on one page, rather than allowing for paging.

SF-1424622

ACM-102500

Users who had previously been in a group but were no longer in the group were erroneously assigned activities and tasks. These users could see the tasks but not perform any action.

SF-1456201

ACM-101726

Hyperlinks in the email template of a workflow node were not saved if the value contained a job-level variable.

Collector

                                                       

Issue

Description

SF-1299910

ACM-94323

The Salesforce ADC was missing attributes listed in the datasheet.

SF-1298037

ACM-94661

The ServiceNow collector failed after certain plug-ins were activated.

SF-1131553

ACM-85344

The Salesforce Entitlement Data Collector on versions 7.0.0 or 7.0.2 failed when collecting large data sets.

SF-1262200

ACM-92309

The account data collector incorrectly processed the AD PwdLastSet attribute when the value was set to zero.

SF-1196283
SF-1282645

ACM-90783

Data on the account/entitlement collector page loaded more slowly than expected.

SF-1437194

ACM-101006

An account collector had performance issues when searching for a cycle of groups in an environment with multiple ADCs when one ADC collected the majority of groups but the SQL explain plan was not appropriate for that collector.

SF-1453582

ACM-101456

After modifying a collector, the Last Modified value was not updated.

SF-1348150
SF-1319278
SF-1305102

ACM-94653
ACM-95318
ACM-97281

Updated the driver that does SQL processing of the CSV files involved in collections. This address bug fixes in the driver on earlier versions.

SF-1399784

ACM-99256

Modified the Workday collector response group filter and attribute configuration to optimize response time.

SF-1437248

ACM-100836

The Archer account data collector switched the values for email and phone numbers in collected data.

SF-1333739

ACM-95879

An LDAP collector with an Active Directory endpoint was unable to collect group membership for groups with more than 1500 members.

Connector

                           

Issue

Description

SF-1271097

ACM-92670

AFX connectors were unable to handle role membership changes, and displayed an error that the command was not supported on the endpoint.

SF-1339473
SF-1388869

ACM-96455

The Configure Extensible Attributes fields for Workday did not handle the quote character properly.

SF-1388869

ACM-102065

In the user interface, validation of XPath configuration using the Evaluate XPath button did not work properly, but is now fixed.

SF-1503298

ACM-102857

Difficulty saving Active Directory connector after performing a migration.

Custom Attributes

                           

Issue

Description

SF-1295911
SF-1345994

ACM-94081

After setting a specific user as a Backup Business Owner or Backup Technical Owner for any Directory, Application or Role set, when the user's name was changed through the IDC, the CAU1_NAME attribute was not updated and the application object showed an outdated name in details, tables, and pop-ups.

SF-1276994

ACM-94117

After upgrading, custom attributes were missing from the PV_USER_ALL_ACCESS view.

SF-1276541

ACM-92962

When editing an object on which a managed custom date attribute was previously set, the attribute field was blank.

SF-1414773

ACM-99715

The field length of custom attributes did not match the field length in the base tables.

Dashboard

                       

Issue

Description

SF-1156786

ACM-88676

An object dashboard was not displayed in the order expected based on the specified Display Sequence value.

SF-769669

ACM-60805

A dashboard using the component System Portlet: System Summary displayed incorrect values.

SF-1215915

ACM-89817

Dashboard import and export created new dashboard topics instead of overriding previous topics.

Data Collection Processing and Management

                                                               

Issue

Description

SF-1242815

ACM-91761

The Last Reviewed Date OOTB attribute erroneously showed as an available collector mapping attribute in the UI.

SF-1333332

ACM-95877

The “Is Terminated” attribute was not being displayed as collected for some unified users.

SF-1323406

ACM-95768

Indirect relationship processing failed with the following error: "ORA-30926: unable to get a stable set of rows in the source tables."

SF-1409520

ACM-99595

Optimized unification to reduce the use of TEMP tablespace.

SF-1393271

ACM-98822

Unification cleanup for the User Mapping table took longer than expected due to the table containing excessive data.

SF-1423086

ACM-100161

Unification failed with the “ORA-30926: unable to get a stable set of rows in the source tables” error when a IDC had join attributes change

SF-1176575

ACM-98306

Identity collectors created duplicate entries for users after their accounts were terminated, reinstated, and then terminated again.

SF-1405466

ACM-99282

Inactivating an IDC that creates users and moves a subset of users to another collector creating users could cause duplicates in the next Unification run.

SF-1469467

ACM-101996

When a user record was terminated during an IDC full refresh, a duplicate identity record could be created during a user rehire scenario.

SF-1460577

ACM-102332

Change Verification was not using an optimal Oracle execution plan for environments with many Accounts and Change Requests for new Accounts, and caused performance delays.

SF-1468789

ACM-102074

Hyperlinks were removed from the comments section of a group collection.

SF-1447410

ACM-101223

Role membership stopped working as expected when an IDC was disabled.

SF-1463297

ACM-102093

After a role membership was removed from source data, the raw data reflected the change, but the user remained a member of the role.

Database Management/Performance

                                                                                           

Issue

Description

SF-1280916
SF-1330311

ACM-94602

When running the data archiving function, the data archiving process completed as expected but the purging process fails due ORA errors.

SF-1380172

ACM-98282

Reviewers performing a bulk revoke during a fine grain role review experienced performance issues.

SF-1353607

ACM-98233

Users experienced performance issues with the email log page.

SF-839629
SF-1129089

ACM-66800

Source data tables had Oracle logging disabled, resulting in potential Oracle data file corruption.

SF-1403444

ACM-99867

When database purging exceeded the threshold of four hours, the process did not exit and complete as expected.

SF-1445091

ACM-101159

A database script (ACM-95711.sql) was not able to handle cases when Unicode characters appeared in strings, because the function "LENGTH" counts characters.

SF-1401651

ACM-99098

The system performed slowly after upgrading and using Oracle 12.2.

SF-1291300

ACM-93837

RSA Identity Governance and Lifecycle did not start during remote database switchover.

SF-1316146

ACM-95109

Additional columns that were added to the Groups table were not exposed in all views.

SF-1350067

ACM-97048

Data archiving runs failed.

SF-1367049

ACM-97770

Migration from 7.0.x to 7.1.x failed with the following error: "ORA-01720: grant option does not exist for 'SYS.DUAL'"

SF-1367802

ACM-97881

Users experienced performance issues with the overall user interface, workflows, and collections.

SF-1377550

ACM-98168

Data purging failed due to the ORA-02292 error while deleting data from work point tables.
ACM-98488After creating 500 SoD rules using a correlation specification, rules processing exceeded 17 hours.

SF-1441958

ACM-100974

During archive creation, the archive start date was calculated incorrectly resulting in the following error: "The archive Start and End dates can not be overlapping with the existing archives."

SF-1437637

ACM-100899

After deleting archive runs from the monitoring page, the runs were deleted from the system and an error was displayed when trying to view the archive table.

SF-1292988
SF-1402880

ACM-94898

Performance problems could occur while accessing the raw data for a collection when there was a large amount of rejected data in the tab being accessed.

SF-1457793

ACM-102310

After running the createSchema.sh script, initialization completed with errors.

SF-1405377

ACM-99347

A Security Context's sub-query with embedded SQL hints was causing poor performance of another query.

SF-1338347

ACM-96730

After upgrading, the default value of is_deleted in the T_MASTER_ENTERPRISE_USERS table was changed from 0 to null.

Email

               

Issue

Description

SF-1293405

ACM-95236

Special characters were not displayed properly in email subjects.

Installer

                   

Issue

Description

SF-1235688
SF-1419955

ACM-92268

During virtual application installation, the following error could occur in environments with a customer-supplied database: “[Step 1 of 9] Error configuring certificates ('./configureSSLCertificates.sh')”.

SF-1099684

ACM-84154

Installation of RSA Identity Governance and Lifecycle 7.1 for software bundles and hardware appliances with local databases failed because the installation script checked for packages that were not required.

Metadata Import/Export

                       

Issue

Description

SF-1408780

ACM-99393

All items on the metadata export screen were erroneously selected when browsing between pages.

SF-1395168
SF-1372664

ACM-98888
ACM-98502

When a customer added a custom user-type attribute named Technical Owner, Business Owner, or Exception Manager, an ORA-00904 error occurred during the creation of public views.

SF-1355771
SF-1436973

ACM-97215
ACM-101387

Deleted entitlements were referenced when importing a role definition.

Migration

                               

Issue

Description

SF-1341401

ACM-96645

Deprecated migrate_deleted_connectors code because it was failing during role migration.

SF-1373931

ACM-98050

Database migration stalled with the ACM-76636_2.sql query processing for three days.

SF-1406053

ACM-101119

Upgrading to a patch failed due to increased security restrictions on the "DUAL" table when it was used by Views. RSA Identity Governance and Lifecycle has now deprecated the use of this table in views.

SF-1342412

ACM-96551

The migration script ACM-72719.sql failed with the ORA-19011 error.

SF-1419230

ACM-100075

Migration from 6.9.1 failed due to locked statistics on some tables.

Platform

                               

Issue

Description

SF-1019541

ACM-78253

After running the HardenHTTPSProtocols.sh script in the /home/oracle/deploy directory, the following error occurred: “WARN: can’t find jboss-cli.xml. Using default configuration values.”

SF-1313737

ACM-95186

The modifynetworksettings.sh script did not modify the /etc/hosts entry and instead added an additional line.

SF-1019541

ACM-78255

The HardenHTTPSProtocols.sh script, which enabled TLS 1.2 protocols, did not successfully run. This script has been deprecated, because TLS 1.2 has been automatically enabled in RSA Identity Governance and Lifecycle since version 7.0.1.

SF-1313737

ACM-95191

The modifyhostname.sh script attempted to run when the Oracle database was down, resulting in errors. It now only runs if the database is running.

SF-1216487

ACM-91090

Sudo access as the aveksa or oracle user did not work after a fresh installation of RSA Identity Governance and Lifecycle.

Provisioning

               

Issue

Description

SF-1184940
SF-1223424

ACM-88349

An Oracle ORA-22835 “Buffer to small” error could occur while provisioning an account through AFX under high load.

Reports

                                                           

Issue

Description

SF-1158510

ACM-88913

The OOTB report using the template "Changes in User Global Roles by Date Range" could become stuck due to excessive query executions.

SF-1381866

ACM-98674

System performance was affected by the report deletion process.

SF-1350816

ACM-98190

The audit event name for REVIEW_DEFINITION had a typo.

SF-1347793

ACM-97050

After specifying an equals filter for an application name, its alternate name was saved in the report XML while the underlying view contained the raw name. Because of this mismatch, the report did not generate results or load the filter properly when the report was reopened. This also occurred with other objects that had alternate names. The system now saves the raw name as expected to prevent this issue.

SF-1169924

ACM-87390

Column display names in a report definition were not updated if the alias column name in the query was the same as the display header but with different capitalization.

SF-0688516

ACM-54534

Old attributes in jrxml report definitions resulted in spam to the server logs.

SF-1334676

ACM-96179

Reports that use styles did not retain the style when downloaded to an output file such as PDF or HTML.

SF-1356825

ACM-97280

The default Drop Down Select with Web Service control was unable to pass a request token to a Web Service.

SF-1445499

ACM-101319

ASR report generation failed when the Environment Name was 100 characters of longer.

SF-1406193

ACM-100547

Reports did not display line breaks in the Long Description attribute of entitlements.

SF-1405003

ACM-99240

ASR report generation failed with an ORA-06502 error when an environment name exceeded a length of 100 characters.

SF-1462313

ACM-101728

ASR generation failed when the MultiAppAccount Collector collected data from internal tables.

Request Forms

                                                                       

Issue

Description

SF-1348816

ACM-96918

Checkboxes on a form were not disabled when the form was disabled.

SF-1361380

ACM-97592

Users were unable to submit a form that used an external validation URI, because the Next button was unusable.

SF-1278644

ACM-96541

Request forms allowed the selection of entitlements for a user that they had already been indirectly granted.

SF-1402613

ACM-99476

Unable to attach files to forms using Internet Explorer 11.

SF-1402613

ACM-99474

Unable to attach files to forms if the filename contains spaces.

SF-1303005

ACM-95574

When localizing the language of request form elements, the prefixes for the localized properties files were not updated to the correct form type when the entire form type was updated.

SF-1429864

ACM-100556

After performing an upgrade, an error occurred loading the fields in a request form that had previously worked.

SF-1442831

ACM-101157

When a JSP file was referenced in the Validation URI for a request form, an exception occurred.

SF-1262036

ACM-94030

Could not open an associated request form from a change request.

SF-1346071

ACM-96978

A form element of control type "Drop Down Select with Web Service" received an exception or error string as a value when the "URI from which to get options" is invalid or fails.
ACM-98192Validation URI JSPs did not work when uploaded to the secured JSP pages.

SF-1356824

ACM-98731

Request forms that used additional filters were not isolated from the main query, which caused the user counts to be incorrect.

SF-1401041

ACM-99601

Unable to create an out-of-office request when additional fields under Requests > Configuration > Submission were present but not enabled for display.

SF-1402613
SF-1439285
SF-1474289

ACM-99475

An Invalid Content Type error appeared when uploading an attachment to a form if the filename contained spaces.

SF-1399968

ACM-99321

An Insufficient Privileges to View This Page error appeared when a user attempted to use the password reset functionality.

Role Management

                                                   

Issue

Description

SF-1331149

ACM-95790

During role creation, users who were configured as the Other Technical Owner for some role sets and who had the Role Set: View All entitlement were erroneously able to create roles under any role set.

SF-1331250

ACM-95788

The Role Creation wizard displayed a role set’s raw name instead of the role set name to technical and business owners.

SF-1332139
SF-1349556

ACM-96219

A role membership rule could not be removed or deleted after it was created.

SF-1377952

ACM-98164

When the Apply Changes button was clicked on a changed global role, the View Changes link incorrectly showed the same entitlements as both added and removed.

SF-1208476

ACM-91790

Under rare circumstances, Aveksa Entitlements became out of sync when the privileges were granted or revoked through a Role or a Group.

SF-1238763

ACM-97112

The rule type Role Missing Entitlements did not capture missing Global Role entitlements in email.

SF-1460209

ACM-101676

Role export failed with error ORA-12899 when role names exceeded 128 characters.

SF-1315908
SF-1452871
SF-1456835
SF-1352451
SF-1383398
SF-1378835

ACM-101549
ACM-101846
ACM-101585
ACM-98261
ACM-98346

Roles explosion from a change request failed when there were duplicate roles in the system.

SF-1471813

ACM-102072

After making a change to a role and clicking the Apply Changes button, the role change was stuck for 20 hours as a result of a ClassCastException seen in the logs.

SF-1461755

ACM-101808

A deadlock occurred when two sessions were both calculating role metrics at the same time.

Rules

                                                   

Issue

Description

SF-1333143

ACM-95904

A provisioning/termination rule did not create change requests to revoke entitlements when there are accounts to disable and delete.

SF-1253494

ACM-97325

Segregation of duties rules did not work properly with child application roles.

SF-1326701

ACM-97109

The unauthorized access rule detected and revoked legitimate account to group memberships that had been previously provisioned by RSA Identity Governance and Lifecycle as user changes or Add User to Group requests.

SF-1338165

ACM-97943

User access rules failed during execution.

SF-1345900

ACM-98473

When entitlements of different types had the same ID, suggested entitlements could include empty or invalid entitlements. The query has now been fixed to join on entitlement type as well as ID.

SF-1322268

ACM-95316

The Attribute Change rule skipped users when multiple Rule runs were queued.

SF-1382297

ACM-98319

A segregation-of-duties rule with a correlation attribute created violations with one bucket only.

SF-1394356

ACM-98992

Testing a rule took significantly longer to display the results than the time the actual rule run took to generate violations.

ACM-95962

Segregation-of-duties rules took an excessively long time to process.

SF-1195511

ACM-94151

Movers rule processing time increased over time.

Security

                           

Issue

Description

SF-1158051

ACM-87527

Additional validation was required for JSP files uploaded in the Admin section.

SF-1213280

ACM-98087

Improved security of X-Content-Type-Options headers in responses from RSA Identity Governance and Lifecycle.

SF-1213280

ACM-98085

Improved security surrounding the session token for requests to Identity Governance and Lifecycle.

SF-1215185

ACM-90987

Enhanced security in the Workflow Architect.

Server Core

                               

Issue

Description

SF-1354187

ACM-97194

Data purging failed with the following error: “ORA-02292: integrity constraint (AVUSER.FK_T_IDCAV_T_IDCA_ID) violated - child record found.”

SF-1419867

ACM-99916

An error in pending workflow cleanup resulted in RSA Identity Governance and Lifecycle failing to start with the following error: Initialization operations completed with errors. Please resolve the problem(s) before the application server can accept requests. Unable to start service WorkflowService. java.lang.IndexOutOfBoundsException: Index: 0, Size: 0

SF-1396116

ACM-98953

Data purging failed with the following error: "ORA-20001: No jobs were found to delete."

SF-1463337

ACM-101994

Data archiving failed with the ORA-06512 error.

SF-1272396
SF-1427765
SF-1453638

ACM-92729

The Wildfly application server log was not updating as expected after upgrading.

User Interface

                                                                                                                           

Issue

Description

SF-1246951
SF-1220313

ACM-91654

Intermittent high CPU usage caused performance issues in the RSA Identity Governance and Lifecycle user interface.

SF-1048792

ACM-81142

Under Reviews > Activities, when an Actions menu appeared at the bottom of the page, some menu options were cropped out of view.

SF-1324961

ACM-95538

Users granted view access to a group's directory could not see the group members.

SF-1301016

ACM-94283

In the list of applications, the Sensitivity column was not available in the table options under Displayed Columns.

SF-1330310

ACM-95789

A custom help URL did not work immediately after logging into RSA Identity Governance and Lifecycle.

SF-1353826

ACM-97111

Import incorrectly allowed values greater than the defined value of 256 for the short description of business descriptions.
ACM-96675A "request cannot be handled" error occurred when clicking on an external URL request button with a special character in its name.

SF-1154509

ACM-86405

After clicking the back button in a web browser, the user interface displayed incorrect breadcrumbs to link back to parent pages.

SF-1403795

ACM-98899

Menu tabs in the user interface did not load in certain circumstances.

SF-1409748

ACM-99458

Nested items in a drop-down menu were capped at a 25 character limit, causing button names in the dashboard to be truncated.

SF-1393826

ACM-98939

The reviewer interface did not display dates properly when the user interface was configured to use the Polish language.

SF-1330725

ACM-95798

Unable to resize SQL data query boxes in the collector configuration screen.

SF-1274803

ACM-99479

A request error occurred after clicking the History tab for any rule.

SF-1408780

ACM-99270

When account summary table data was saved in CSV format, the data was exported along with HTML tags from the exported table.

SF-1042334
SF-1210846

ACM-79532

After specifying a sequence of attributes under Admin > Attributes, saving the sequence, and then editing any attribute, the sequence no longer displayed correctly.

SF-1446680
SF-1452414

ACM-101222
ACM-101428

When viewing User > Requests or collection run details from the Collector History tab of a specific collector, the displayed breadcrumbs were incorrect.

 

ACM-95187

 

The search option for tables did not work if the string began with the special character #.

SF-1221939

ACM-90251

When the environment name specified under Admin > System contained double quotes, metadata export in Firefox browsers generated an incorrect file name.

SF-673708

ACM-53828

Under Resources > Applications, in the Accounts tab, custom attributes were not displayed for Application Roles or Entitlements.
ACM-92994Proxy protocol changes in a Rest Node could not be saved.

SF-1344459

ACM-96671

When the Ignore Case option was selected, the "one of" search option erroneously remained case sensitive.

SF-1460981

ACM-101695

After upgrading, the Business Source column was missing from the accounts table under the ADC collector. This column has now been added back to the accounts table.

SF-1374347

ACM-98126

Loading the Review Definitions table took an excessive amount of time due to unnecessary fetching of reviewer/monitor coverage data that is not required to render the table.

SF-1220192

ACM-90208

Pop-up windows appeared outside of the viewable area of a user’s screen when the screen had scrollable content.

SF-1440495

ACM-101268

Grouping on the Requests > Requests page erroneously included change lists that were in the pending submission state, resulting in an error when a user expanded a grouping that included one or more pending submission change requests. Group queries now exclude partially submitted change requests.

SF-1456132

ACM-101510

An Invalid Content Type error appeared when uploading a .msg file to a change request.

SF-1437772

ACM-101247

An Invalid Content Type error appeared when uploading a valid file on a request form.

SF-1444601

ACM-101439

The new review interface had some hard-coded text that could not be translated. The text has now been converted so that it can be translated.

Web Services

                                   

Issue

Description

SF-1253334

ACM-92041

Duplicate group names on a multi app collector could cause the web service call that created a change request to choose the wrong group.

SF-983571
SF-1223579

ACM-76016

The User Attribute Change web service reported a "User Not Found" error when the User ID was on record.

SF-1264262

ACM-92518

The documentation for the processRule Web Service did not state that a token was mandatory.

SF-1319168
SF-1325745

ACM-95505

Change requests created from a web service erroneously included a deleted account.

SF-1169306
SF-1250474

ACM-87462

When multiple records were found for userId, the web service failed to update the user's review items.

SF-1402236

ACM-99526

When adding entitlements to a role, if the “one of” filter was used, the ORA-00904: “ENTITLEMENT_NAME”: invalid identifier error occurred.
Previous Topic:Install a Patch
Next Topic:Fixed Issues
You are here
Fixed Issues

Attachments

    Outcomes