|Applies To||RSA Product Set: RSA Identity Governance & Lifecycle|
RSA Version/Condition: 7.1.0, 7.1.1
|Issue||Changes to entitlements that have been granted indirectly through roles show correctly when viewing the role definition (Roles > Roles > Role Name > Members and Entitlements tab) but are not reflected correctly under the user's access tab (Users > Users > Name > Access tab) or in a User Access Review under the All entitlements tab.|
Symptoms manifest in several ways:
The following ERROR level log messages are logged to the aveksaServer.log file:
Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log file for your specific deployment.
|Cause||This is a known issue in the following RSA Identity Governance & Lifecycle versions:|
The duplicate items can occur under the following circumstances:
|Resolution||There are three fixes needed for this issue. Implementation of these fixes is version-dependent.|
RSA Identity Governance & Lifecycle 7.1.1.
Cannot import over an existing collected role
Note: Until you are able to upgrade to 7.1.1 P05, please follow the resolution steps for RSA Identity Governance & Lifecycle 7.1.0.
RSA Identity Governance & Lifecycle 7.1.0.
Cleanup script to remove duplicate role names
Run the following scripts to identify and correct (or advise) on duplicate role names that need to be corrected.
If the query above returns a result, please contact RSA Identity Governance & Lifecycle Support for the workaround and mention this RSA Knowledge Base Article ID 000038236 for reference.
If the query above returns a result, then identify and manually delete one of the active roles by selecting it from the roles page (Roles > Roles > check the box next to the Role Name) and select Delete Roles under the Actions drop down menu.