RSA Identity Governance and Lifecycle 7.2.0.x Release Notes

Document created by RSA Information Design and Development on Dec 12, 2019Last modified by Erica Chalfin on Mar 27, 2020
Version 8Show Document
  • View in full screen mode

These release notes describe improvements and functional changes to RSA Identity Governance and Lifecycle 7.2 and all released patches, as well as links to fixed issues for each release or patch. This page is updated with each patch.

 

To receive notifications about changes to this page, sign in to RSA Link, click Actions, and select Follow.

 

To view this page as a PDF, sign in to RSA Link, click Actions, and select View as PDF.

 

 

These release notes describe improvements and functional changes to RSA Identity Governance and Lifecycle 7.2 and all released patches, as well as links to fixed issues for each release or patch. This page is updated with each patch.

 

To receive notifications about changes to this page, sign in to RSA Link, click Actions, and select Follow.

 

To view this page as a PDF, sign in to RSA Link, click Actions, and select View as PDF.

 

 

7.2

 

Before You Upgrade

 

Before migrating from RSA Identity Governance and Lifecycle 7.0.2, 7.1.0, or 7.1.1, connect to the database to migrate as AVUSER and run the following SQL statements:

 

TRUNCATE TABLE T_AV_RULE_TEST_METRICS DROP ALL STORAGE;
TRUNCATE TABLE T_AV_RULE_TEST_VIOLS DROP ALL STORAGE;

 

What's New

 

The following sections describe the new features and improvements in version 7.2:

 

 

Feature Highlights

 

Feature

What’s New

Dashboard Facts

Dashboard facts allow you to highlight high-level facts to end users, inviting action items requiring attention. These facts can be configured to redirect to specific pages providing additional insight. Dashboard facts are configured under AdminDashboardsDashboard Components. The out-of-the-box System Administrator Dashboard provides a demonstration of dashboard facts.

System Data and Diagnostics

Diagnostic and system data information is collected either on demand or on a scheduled basis to use in dashboard and custom reports that show system details and trends. The data can also be shared with RSA to provide details on your environment and usage. These details provide RSA with insight that facilitates decisions such as providing extended support and deprecating certain versions, as well as what new features and enhancements to prioritize in upcoming releases.

Administrators can change these settings in AdminDiagnosticsDiagnostics and System Data.

Generic REST Collectors

The new Generic REST collectors support the collection of identity, accounts, and entitlements through REST APIs specific to the endpoint.

Installer

There are several improvements to the RSA Identity Governance and Lifecycle installation process:

  • The installation process has been improved to allow installation using either the root user or oracle user, depending on the specific environment and requirements.

    Installation as the root user is required for deployments in which you use an RSA-supplied database or in which you want to run RSA Identity Governance and Lifecycle as a service. Root user installation is required for any deployment in which sudo functionality is needed.

    Installation as the oracle user is an option for environments that use a remote database and do not require the use of services or sudo functionality.

    For instructions for each of these installation options, see the RSA Identity Governance and Lifecycle Installation Guide.

  • The installation script now prompts users to confirm passwords entered when configuring a remote database.

Web Services

Several improvements were made to web services:

  • All available commands are now organized across several tabs labeled by category. The Settings tab, which is the first tab the user sees, provides a high-level ability to toggle web services on and off, allows the user to specify a list of IP addresses that can be used for commands, and the import directory where some commands may look for content. Those commands will indicate in their details that they use the import directory.
  • The user interface that lists all commands has been redesigned to display the commands in a table format. A user can click the Click for Details link for a particular command to expand a command's row and view details about using the command. The new table includes a security column that uses icons to represent the current settings for the command, and a Configure button to change the security.
  • Security settings are now configured at the command-level. A user can only change the security for a particular command to be stronger than the default, out-of-the-box security setting.
  • Added the deleteCollector web service, which allows users with appropriate privileges to delete a collector from the system.
  • Added support for using a bearer token in request headers instead of passing the token in the URL.
Unauthorized Change Detection (UCD) ImprovementsThe Unauthorized Change Detection rule has been enhanced to detect when there is an unauthorized removal of entitlements from a user, and to allow you to filter on accounts.

User Interface

This release introduces many improvements to the user interface to provide a cleaner, faster, and more consistent user experience. These changes include:

  • An improved notification panel with notifications grouped by date.
  • Redesigned UI components, such as dialogs, buttons, and navigation.
  • Card-based component layout.
  • New icon set for high-resolution displays.
  • Charts now have a modern theme and layout with improved animation. You can now download charts.
  • Added auto-refresh functionality to the pages at AdminDiagnosticsGeneral and AdminDiagnosticsLogs.
  • Added support to upload JavaScript files in the Files tab under AdminUser Interface, which may be used to perform custom validation for request forms or may be referenced from JSP pages. Consult Professional Services before using this feature.
User Pictures

Each user can now have an associated image that is visible throughout the user interface, such as in the menu when logged in, user detail screens, and user pop-ups.

To configure a user picture, navigate to a user's detail screen, click the default image, and upload a .PNG file. Administrators can upload images in bulk from the AdminUser Interface > Files > Users screen, or by using the setUserImage web service.

 

Additional Features and Improvements

 

Feature

What’s New

Access Certification

The following improvements have been made in access certification:

  • The display names for the Review and Revoke buttons for roles in fine-grained role reviews and for groups in group reviews are now specified within the review definition using two new text fields. Previously, the display names for these buttons were configured using the global resources strings RoleReview_Maintain, RoleReview_Revoke, GroupReview_Maintain, and GroupReview_Revoke.
  • When the Allow expiration option is selected for the Maintain state in a review definition, the Display Name text field now appears, allowing users to enter a display name for this state.

  • In a review, the Expiration date field displayed in the flyout for the Maintain with Expiration state, which indicates the date on which the exceptional access expires, has been renamed to Expires on, to avoid confusion with other fields.
  • You can now limit the maximum number of days in the future that a reviewer can set as the expiration date when choosing the Maintain with Expiration state for a review item. The Default and Maximum Expiration Days setting can be configured under both ReviewsConfiguration and RulesConfiguration.
  • When determining unchanged items, RSA Identity Governance and Lifecycle considers only reviews generated in the past 365 days instead of all reviews. An item for a reviewer is tagged as unchanged when he or she has last reviewed it with the Maintain state in a review that was generated in the last 365 days, and none of the attributes of the reviewed entitlement have changed.

  • The Expiring Soon tooltip now includes the expiration date.

  • The order of categories for Review Analysis and Guidance in the review and review definition have been reordered to prioritize.

AFX Server

Added a new SSH Connector which supports Public Key Authentication.

Application Wizards

Updated the application wizard for Active Directory to remove out-of-date references.

Aveksa Statistics Report

The Aveksa Statistics Report (ASR) has the following new columns for the Unified Users section:

  • terminatedUser.count — The total number of terminated users.
  • deletedUsers.total — The total number of deleted users.
  • user.total — The total number of users.

Change Requests and Workflow

The following changes have been made in Change Requests and Workflow:

  • The Workflow Architect has a new “Auto Complete Category” option when grouping by category that indicates whether the Category Manager automatically completes all other work items in a category. By default, this option is selected.
  • The Processing Workflow link in change requests is now visible to users with the Access Request Admin: Administrator entitlement.

Collectors

Multi-app collectors now provide the option to collect Account Disabled Status and Account Lock Status in the collector configuration.

Database Management

Data pruning has been enhanced to remove unneeded workflow data from the system.

Email

The text in Approval and Rejection email replies have been updated to clearly indicate where the user may add additional comments.

Email

The default value for the maximum number of recipients for an email provider has been changed to 100.

Platform

Migrated the JDK from Open JDK to AdoptOpenJDK, and added support for Red Hat Enterprise Linux 7 and SUSE Linux Enterprise Server 12 SP 4.

 

Deprecated Items

 

Feature

Description

Platform

SUSE Linux Enterprise Server (SLES) 11 and Red Hat Enterprise Linux (RHEL) 6 have been deprecated.

In hardware appliance and software bundle deployments, use the RSA Identity Governance and Lifecycle Appliance Updater to upgrade the operating system.

Reports

The following views and associated reports have been deprecated:

ViewReport
V_AVR_APPROLE_ENTS_DELTA

Changes in User Application Roles by Date Range
Changes in User Application Roles in the Last n Days

V_AVR_ENTITLEMENT_DELTA

Changes in User Entitlements by Date Range
Changes in User Entitlements in the Last n Days

V_AVR_GLOBALROLE_ENTS_DELTA

Changes in User Global Roles by Date Range
Changes in User Global Roles in the Last n Days

V_AVR_GROUP_MEM_DELTA_N_DAYSChanges in User Group Memberships in the Last n Days
V_AVR_GROUP_MEMBERSHIPS_DELTAChanges in User Group Memberships by Date Range

Saved results from previous reports are still accessible.

Web Services

The following path for the User Attribute Change web services command has been deprecated:

http://<server name>:8443/aveksa/webservice/userAttributeChange

This is accessible through the userAttributeChange command. For more information, go to Admin >Web Services.

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle as the result of fixed issues.

 

Issue

Description

Access Certification

ACM-100064

In a group review, RSA Identity Governance and Lifecycle no longer allows None for the state of a group whose members and entitlements are all marked as reviewed and maintained. When applying the state of None to multiple groups, the system ignores any group that has all entitlements and members reviewed and maintained.

Access Certification

ACM-98991

Coverage is now only refreshed in a review when the coverage option is selected. When review items are refreshed and the coverage option is not selected, a warning appears to remind the user that coverage will not be refreshed.

Access Requests

ACM-100749

Added a new variable called “Display Name” that maps to the alt_name of the entitlement for global-role, app-role, and group, under the workflow status values.

Admin Errors

ACM-92855

The Admin Error type "Account Load Data" can now contextually appear in the properties of a Create Admin Error workflow node.

Change Requests and Workflows

ACM-93462

The "Assign to" list no longer appears as available options for Resource Selection.

Change Requests and Workflow

ACM-94899

When a change request contains a change request item to remove an already-deleted role from a user, that change request item is rejected while the system proceeds with the other items in the change request.

Change Requests and Workflow

ACM-95849

The "Show job level variables" checkboxes are now selected by default and job variables explicitly shown in approval and fulfillment workflows. If these variables need to be hidden, the checkbox must be deselected.

Change Requests and Workflow

ACM-99913

The Entitlements Require Account field under Account Template now contains the options Always, Sometimes, and Never. Previously, the options were True and False.

Change Requests and Workflow

ACM-101380

In the workflow architect, the node’s runtime data indicates the number of times the node’s state has been changed using the Complete Node, Complete Work, or Skip actions and the number of times the node has been reset. After a node’s state is changed, the node’s color changes to orange. After a node has been reset, the node’s color changes to pink.

Data Collection Processing and Management

ACM-91761

The Last Reviewed Date OOTB attribute has been removed from the collector wizards.

Change Requests and Workflow

ACM-95472

The fix implemented to ensure that emails are sent to each approver when multiple approval activity nodes are configured to send an email to approvers appears in newly created nodes. Existing nodes are not affected by this fix to ensure that any custom email text is not overwritten.

Collector

ACM-93824

The Office365 Account Collector now has a configurable Block Size field during application creation.

Data Collection Processing and Management

ACM-94792

When an RDC’s HAS data is not configured or has an old value set to No, RSA Identity Governance and Lifecycle now ensures that, after collection, the User Access tab Direct view for a user correctly displays all collected roles of which the user is a direct member, and that the user has the correct nested sub-roles in the All view.

Database Management

ACM-74139

Data purging has been updated to ensure that workflow data with null change dates is purged.

Platform

ACM-78255

The configureSSLProtocols.sh and HardenHTTPSProtocols.sh scripts have been removed from RSA Identity Governance and Lifecycle.

Role Management

ACM-96925

Applications and Directories had incorrectly displayed the Raw Name instead of Display Name on the Access tab for users. The Access tab now correctly displays the Display Name of the Application or Directory.

Role Management

ACM-101549
ACM-101846
ACM-101585
ACM-98261
ACM-98346

Fixed the failure of roles explosion from change requests when duplicate roles are found in system. This addresses the issue of user entitlement discrepancies due to explosion failures. Additionally, multiple issues with roles import were addressed. During import, the system reuses the existing members and entitlements when overwriting a local role instead of fully deleting them and creating new entries. When importing roles, the system now looks only for active roles with similar names so that deleted roles are not reactivated. This change will avoid the creation of multiple active roles with role name. If a role being imported matches an existing active collected role, the system throws an exception instead of overwriting the role. Collected roles are not overwritten at any point.

Security

ACM-90370

Authorization validation added for file coverage uploads and to collector activate/deactivate buttons. A pop-up is presented if user does not have the proper privilege.

Security

ACM-99089

Error message was made more user-friendly.

User Interface

ACM-81142

Under Reviews > Activities, the Actions menu automatically scrolls so that all options are visible.

User Interface

ACM-94283

Added the columns Business Use, Functional Ownership, Locality, and Sensitivity in the Application, Directory, Data Resource Sets, Rule Sets, and Role Sets summary tables. Grouping is disabled on these columns.

User Interface

ACM-90208

Pop-up windows now appear in the center of the user’s viewing area.

Web Services

ACM-92041

Validation for webservice calls to add or remove accounts from a group can be requested using the collector or the business source, but not both.

Web Services

ACM-97802

Environments using the User Attribute Change command should change the URL to the following format: http://<server name>:8443/aveksa/command.submit?cmd=userAttributeChange

 

Fixed Issues

 

Fixed Issues

 

Known Issues and Limitations

 

Known Issues and Limitations

 

 

 

7.2

 

Before You Upgrade

 

Before migrating from RSA Identity Governance and Lifecycle 7.0.2, 7.1.0, or 7.1.1, connect to the database to migrate as AVUSER and run the following SQL statements:

 

TRUNCATE TABLE T_AV_RULE_TEST_METRICS DROP ALL STORAGE;
TRUNCATE TABLE T_AV_RULE_TEST_VIOLS DROP ALL STORAGE;

 

What's New

 

The following sections describe the new features and improvements in version 7.2:

 

 

Feature Highlights

 

Feature

What’s New

Dashboard Facts

Dashboard facts allow you to highlight high-level facts to end users, inviting action items requiring attention. These facts can be configured to redirect to specific pages providing additional insight. Dashboard facts are configured under AdminDashboardsDashboard Components. The out-of-the-box System Administrator Dashboard provides a demonstration of dashboard facts.

System Data and Diagnostics

Diagnostic and system data information is collected either on demand or on a scheduled basis to use in dashboard and custom reports that show system details and trends. The data can also be shared with RSA to provide details on your environment and usage. These details provide RSA with insight that facilitates decisions such as providing extended support and deprecating certain versions, as well as what new features and enhancements to prioritize in upcoming releases.

Administrators can change these settings in AdminDiagnosticsDiagnostics and System Data.

Generic REST Collectors

The new Generic REST collectors support the collection of identity, accounts, and entitlements through REST APIs specific to the endpoint.

Installer

There are several improvements to the RSA Identity Governance and Lifecycle installation process:

  • The installation process has been improved to allow installation using either the root user or oracle user, depending on the specific environment and requirements.

    Installation as the root user is required for deployments in which you use an RSA-supplied database or in which you want to run RSA Identity Governance and Lifecycle as a service. Root user installation is required for any deployment in which sudo functionality is needed.

    Installation as the oracle user is an option for environments that use a remote database and do not require the use of services or sudo functionality.

    For instructions for each of these installation options, see the RSA Identity Governance and Lifecycle Installation Guide.

  • The installation script now prompts users to confirm passwords entered when configuring a remote database.

Web Services

Several improvements were made to web services:

  • All available commands are now organized across several tabs labeled by category. The Settings tab, which is the first tab the user sees, provides a high-level ability to toggle web services on and off, allows the user to specify a list of IP addresses that can be used for commands, and the import directory where some commands may look for content. Those commands will indicate in their details that they use the import directory.
  • The user interface that lists all commands has been redesigned to display the commands in a table format. A user can click the Click for Details link for a particular command to expand a command's row and view details about using the command. The new table includes a security column that uses icons to represent the current settings for the command, and a Configure button to change the security.
  • Security settings are now configured at the command-level. A user can only change the security for a particular command to be stronger than the default, out-of-the-box security setting.
  • Added the deleteCollector web service, which allows users with appropriate privileges to delete a collector from the system.
  • Added support for using a bearer token in request headers instead of passing the token in the URL.
Unauthorized Change Detection (UCD) ImprovementsThe Unauthorized Change Detection rule has been enhanced to detect when there is an unauthorized removal of entitlements from a user, and to allow you to filter on accounts.

User Interface

This release introduces many improvements to the user interface to provide a cleaner, faster, and more consistent user experience. These changes include:

  • An improved notification panel with notifications grouped by date.
  • Redesigned UI components, such as dialogs, buttons, and navigation.
  • Card-based component layout.
  • New icon set for high-resolution displays.
  • Charts now have a modern theme and layout with improved animation. You can now download charts.
  • Added auto-refresh functionality to the pages at AdminDiagnosticsGeneral and AdminDiagnosticsLogs.
  • Added support to upload JavaScript files in the Files tab under AdminUser Interface, which may be used to perform custom validation for request forms or may be referenced from JSP pages. Consult Professional Services before using this feature.
User Pictures

Each user can now have an associated image that is visible throughout the user interface, such as in the menu when logged in, user detail screens, and user pop-ups.

To configure a user picture, navigate to a user's detail screen, click the default image, and upload a .PNG file. Administrators can upload images in bulk from the AdminUser Interface > Files > Users screen, or by using the setUserImage web service.

 

Additional Features and Improvements

 

Feature

What’s New

Access Certification

The following improvements have been made in access certification:

  • The display names for the Review and Revoke buttons for roles in fine-grained role reviews and for groups in group reviews are now specified within the review definition using two new text fields. Previously, the display names for these buttons were configured using the global resources strings RoleReview_Maintain, RoleReview_Revoke, GroupReview_Maintain, and GroupReview_Revoke.
  • When the Allow expiration option is selected for the Maintain state in a review definition, the Display Name text field now appears, allowing users to enter a display name for this state.

  • In a review, the Expiration date field displayed in the flyout for the Maintain with Expiration state, which indicates the date on which the exceptional access expires, has been renamed to Expires on, to avoid confusion with other fields.
  • You can now limit the maximum number of days in the future that a reviewer can set as the expiration date when choosing the Maintain with Expiration state for a review item. The Default and Maximum Expiration Days setting can be configured under both ReviewsConfiguration and RulesConfiguration.
  • When determining unchanged items, RSA Identity Governance and Lifecycle considers only reviews generated in the past 365 days instead of all reviews. An item for a reviewer is tagged as unchanged when he or she has last reviewed it with the Maintain state in a review that was generated in the last 365 days, and none of the attributes of the reviewed entitlement have changed.

  • The Expiring Soon tooltip now includes the expiration date.

  • The order of categories for Review Analysis and Guidance in the review and review definition have been reordered to prioritize.

AFX Server

Added a new SSH Connector which supports Public Key Authentication.

Application Wizards

Updated the application wizard for Active Directory to remove out-of-date references.

Aveksa Statistics Report

The Aveksa Statistics Report (ASR) has the following new columns for the Unified Users section:

  • terminatedUser.count — The total number of terminated users.
  • deletedUsers.total — The total number of deleted users.
  • user.total — The total number of users.

Change Requests and Workflow

The following changes have been made in Change Requests and Workflow:

  • The Workflow Architect has a new “Auto Complete Category” option when grouping by category that indicates whether the Category Manager automatically completes all other work items in a category. By default, this option is selected.
  • The Processing Workflow link in change requests is now visible to users with the Access Request Admin: Administrator entitlement.

Collectors

Multi-app collectors now provide the option to collect Account Disabled Status and Account Lock Status in the collector configuration.

Database Management

Data pruning has been enhanced to remove unneeded workflow data from the system.

Email

The text in Approval and Rejection email replies have been updated to clearly indicate where the user may add additional comments.

Email

The default value for the maximum number of recipients for an email provider has been changed to 100.

Platform

Migrated the JDK from Open JDK to AdoptOpenJDK, and added support for Red Hat Enterprise Linux 7 and SUSE Linux Enterprise Server 12 SP 4.

 

Deprecated Items

 

Feature

Description

Platform

SUSE Linux Enterprise Server (SLES) 11 and Red Hat Enterprise Linux (RHEL) 6 have been deprecated.

In hardware appliance and software bundle deployments, use the RSA Identity Governance and Lifecycle Appliance Updater to upgrade the operating system.

Reports

The following views and associated reports have been deprecated:

ViewReport
V_AVR_APPROLE_ENTS_DELTA

Changes in User Application Roles by Date Range
Changes in User Application Roles in the Last n Days

V_AVR_ENTITLEMENT_DELTA

Changes in User Entitlements by Date Range
Changes in User Entitlements in the Last n Days

V_AVR_GLOBALROLE_ENTS_DELTA

Changes in User Global Roles by Date Range
Changes in User Global Roles in the Last n Days

V_AVR_GROUP_MEM_DELTA_N_DAYSChanges in User Group Memberships in the Last n Days
V_AVR_GROUP_MEMBERSHIPS_DELTAChanges in User Group Memberships by Date Range

Saved results from previous reports are still accessible.

Web Services

The following path for the User Attribute Change web services command has been deprecated:

http://<server name>:8443/aveksa/webservice/userAttributeChange

This is accessible through the userAttributeChange command. For more information, go to Admin >Web Services.

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle as the result of fixed issues.

 

Issue

Description

Access Certification

ACM-100064

In a group review, RSA Identity Governance and Lifecycle no longer allows None for the state of a group whose members and entitlements are all marked as reviewed and maintained. When applying the state of None to multiple groups, the system ignores any group that has all entitlements and members reviewed and maintained.

Access Certification

ACM-98991

Coverage is now only refreshed in a review when the coverage option is selected. When review items are refreshed and the coverage option is not selected, a warning appears to remind the user that coverage will not be refreshed.

Access Requests

ACM-100749

Added a new variable called “Display Name” that maps to the alt_name of the entitlement for global-role, app-role, and group, under the workflow status values.

Admin Errors

ACM-92855

The Admin Error type "Account Load Data" can now contextually appear in the properties of a Create Admin Error workflow node.

Change Requests and Workflows

ACM-93462

The "Assign to" list no longer appears as available options for Resource Selection.

Change Requests and Workflow

ACM-94899

When a change request contains a change request item to remove an already-deleted role from a user, that change request item is rejected while the system proceeds with the other items in the change request.

Change Requests and Workflow

ACM-95849

The "Show job level variables" checkboxes are now selected by default and job variables explicitly shown in approval and fulfillment workflows. If these variables need to be hidden, the checkbox must be deselected.

Change Requests and Workflow

ACM-99913

The Entitlements Require Account field under Account Template now contains the options Always, Sometimes, and Never. Previously, the options were True and False.

Change Requests and Workflow

ACM-101380

In the workflow architect, the node’s runtime data indicates the number of times the node’s state has been changed using the Complete Node, Complete Work, or Skip actions and the number of times the node has been reset. After a node’s state is changed, the node’s color changes to orange. After a node has been reset, the node’s color changes to pink.

Data Collection Processing and Management

ACM-91761

The Last Reviewed Date OOTB attribute has been removed from the collector wizards.

Change Requests and Workflow

ACM-95472

The fix implemented to ensure that emails are sent to each approver when multiple approval activity nodes are configured to send an email to approvers appears in newly created nodes. Existing nodes are not affected by this fix to ensure that any custom email text is not overwritten.

Collector

ACM-93824

The Office365 Account Collector now has a configurable Block Size field during application creation.

Data Collection Processing and Management

ACM-94792

When an RDC’s HAS data is not configured or has an old value set to No, RSA Identity Governance and Lifecycle now ensures that, after collection, the User Access tab Direct view for a user correctly displays all collected roles of which the user is a direct member, and that the user has the correct nested sub-roles in the All view.

Database Management

ACM-74139

Data purging has been updated to ensure that workflow data with null change dates is purged.

Platform

ACM-78255

The configureSSLProtocols.sh and HardenHTTPSProtocols.sh scripts have been removed from RSA Identity Governance and Lifecycle.

Role Management

ACM-96925

Applications and Directories had incorrectly displayed the Raw Name instead of Display Name on the Access tab for users. The Access tab now correctly displays the Display Name of the Application or Directory.

Role Management

ACM-101549
ACM-101846
ACM-101585
ACM-98261
ACM-98346

Fixed the failure of roles explosion from change requests when duplicate roles are found in system. This addresses the issue of user entitlement discrepancies due to explosion failures. Additionally, multiple issues with roles import were addressed. During import, the system reuses the existing members and entitlements when overwriting a local role instead of fully deleting them and creating new entries. When importing roles, the system now looks only for active roles with similar names so that deleted roles are not reactivated. This change will avoid the creation of multiple active roles with role name. If a role being imported matches an existing active collected role, the system throws an exception instead of overwriting the role. Collected roles are not overwritten at any point.

Security

ACM-90370

Authorization validation added for file coverage uploads and to collector activate/deactivate buttons. A pop-up is presented if user does not have the proper privilege.

Security

ACM-99089

Error message was made more user-friendly.

User Interface

ACM-81142

Under Reviews > Activities, the Actions menu automatically scrolls so that all options are visible.

User Interface

ACM-94283

Added the columns Business Use, Functional Ownership, Locality, and Sensitivity in the Application, Directory, Data Resource Sets, Rule Sets, and Role Sets summary tables. Grouping is disabled on these columns.

User Interface

ACM-90208

Pop-up windows now appear in the center of the user’s viewing area.

Web Services

ACM-92041

Validation for webservice calls to add or remove accounts from a group can be requested using the collector or the business source, but not both.

Web Services

ACM-97802

Environments using the User Attribute Change command should change the URL to the following format: http://<server name>:8443/aveksa/command.submit?cmd=userAttributeChange

 

Fixed Issues

 

Fixed Issues

 

Known Issues and Limitations

 

Known Issues and Limitations

 

 

 

1 person found this helpful

Attachments

    Outcomes