000038391 - Account Reviews cannot be completed and 'ORA-00904: "CACHE_"."COMP_RES_CASxx": invalid identifier' errors are generated in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jan 29, 2020Last modified by RSA Customer Support Employee on Mar 19, 2020
Version 23Show Document
  • View in full screen mode

Article Content

Article Number000038391
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.1.1
 
IssueAccount reviews in RSA Identity Governance & Lifecycle cannot be completed. (Reviews > Results > {Account Review Result Name} > Review items > {pick a tab} > {show all items}).

Examples:
  • Account reviews show accounts as having entitlements but when you maintain the item, the review says the account has no entitlements. Further errors occur if you attempt to maintain the account using a bulk action and the account review cannot be completed.
  • Account reviews show accounts as having entitlements but when you maintain/revoke unreviewed items using either a review escalation node or web services, items remain unreviewed.
 The aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log) has one or more of the following errors:
 

ORA-00904: "CACHE_"."COMP_RES_CAS11": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS12": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS13": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS14": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS15": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS16": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS17": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS18": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS19": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS20": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS21": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS22": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS23": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS24": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS25": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS26": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS27": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS28": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS29": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS30": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS31": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS32": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS33": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS34": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS35": invalid identifier
ORA-00904: "CACHE_"."COMP_RES_CAS36": invalid identifier


Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log for your specific deployment if you are on a WildFly cluster or a non-WildFly platform.

  The example below illustrates this issue:
  1. In the RSA Identity Governance & Lifecycle user interface go to Reviews > Results > {Account Review Result Name} > Review items > {pick a tab} > {show all items}.
  2. Choose Maintain for any account.
  3. Note in the example below there are three entitlements associated with the account but once the Maintain button is toggled, the review says:

There are no entitlements in this account.

 

User-added image
 


  1. If you attempt to bulk maintain this review item, the below error occurs:

The request could not be handled.



 


User-added image
 


  1. If you click OK and OK again, this error occurs:

Error - java.lang.NullPointerException
 

 

User-added image


 
CauseThe significant error that indicates the problem cause is:
 

ORA-00904: "CACHE_"."COMP_RES_CASxx": invalid identifier


Starting in RSA Identity Governance & Lifecycle 7.1.0 P05, new custom attributes for business sources were added. These attributes are defined with data types CAS11 through CAS35 and are added by going to Admin > Attributes > Business Source tab > Edit > Add Attribute. The problem occurs because the feature to add the additional business source attributes was not completed and does not populate the new attributes into all the appropriate places.

This is a known issue reported in engineering tickets ACM-99694, ACM-102953, ACM-102551 and ACM-103658.
 
ResolutionThis issue is resolved in RSA Identity Governance & Lifecycle 7.2. The fix prevents this problem from occurring but if the problem has already occurred, the workaround is necessary.

Resolution steps:
  1. Upgrade to RSA Identity Governance & Lifecycle 7.2.0. A fix will NOT be back-ported for 7.1.x.
  2. If you have any business source custom attributes that use data types CAS11 through CAS35, apply the workaround below.
WorkaroundRemove all business source custom attributes that have been defined using data types CAS11 through CAS35.

Please contact RSA Identity Governance & Lifecycle Support for the steps needed to remove these custom attributes and mention this RSA Knowledge Base Article ID 000038391 for reference.
 

Attachments

    Outcomes