|Applies To||RSA Product Set: RSA Identity Governance & Lifecycle|
RSA Version/Condition: 7.1.0, 7.1.1
|Issue||Changes to entitlements that have been granted indirectly through roles show correctly when viewing the role definition (Roles > Roles > Role Name > Members and Entitlements tab) but are not reflected correctly under the user's access tab (Users > Users > Name > Access tab) or in a User Access Review under the All entitlements tab.|
Symptoms manifest in several ways:
The following ERROR level log messages are logged to the aveksaServer.log file:
Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log file for your specific deployment.
|Cause||This is a known issue in the following RSA Identity Governance & Lifecycle versions:|
The duplicate items can occur under the following circumstances:
|Resolution||This issue is resolved in the following RSA Identity Governance & Lifecycle versions and/or patch levels: |
IMPORTANT: A manual step is required after applying one of the above patches to remove existing duplicate role names.
Summary of fixes required for this issue:
To fully resolve this issue:
Cannot import over an existing collected role
Cleanup Duplicate Role Names
Run the following scripts to identify and correct (or advise) on duplicate role names that need to be corrected.
If the query above returns a result, please contact RSA Identity Governance & Lifecycle Cutomer Support for a cleanup script and mention this RSA Knowledge Base Article ID 000038236 for reference.
If the query above returns a result, then identify and manually delete one of the active roles by selecting it from the Roles page (Roles > Roles > check the box next to the Role Name) and select Delete Roles under the Actions drop down menu.
|Workaround||If you are on RSA Identity Governance & Lifecycle 7.1.0 or RSA Identity Governance & Lifecycle 7.1.1 GA through P04, the following workaround is available:|
IMPORTANT: Until you upgrade/patch to 7.2.0 or 7.1.1 P05, you may encounter this issue again. Repeat steps #1 and #2 of this workaround every time there is a recurrence of this issue.