000038523 - Best practices when extending objects in the avuser schema in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Feb 28, 2020Last modified by RSA Customer Support Employee on Mar 4, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000038523
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.x
IssueRSA Identity Governance & Lifecycle has an option to extend the avuser schema by adding additional custom attributes to the application. This is done in the RSA Identity Governance & Lifecycle user interface by navigating to Admin > Attributes > {attribute-type tab} > Edit > Add Attribute.

The following excerpt is taken from the RSA Identity Governance & Lifecycle 7.2 online help on custom attributes:
RSA Identity Governance and Lifecycle lets you create attributes for collected, created, and managed objects. Pre-defined attributes may provide only some of the attributes you need for your objects. Creating attributes lets you collect more comprehensive and important data. They also let you more accurately represent business sources for which you are managing compliance.

This RSA Knowledge Base Article advises on what precautions to take when extending objects in the avdb schema.

ResolutionWhen extending objects in the avdb schema, it is highly recommended that the addition of attributes is done when there is minimal activity in the RSA Identity Governance & Lifecycle application. This includes but is not limited to user and system activity such as workflow processing, review generations, rules processing and collections.

This is especially true when extending user attributes.  When adding a user attribute, there is actually a change to the internal database table structure. When making this change, Oracle will invalidate packages that depend on that table forcing a recompilation of these package(s) upon the next execution of the package. If the session has previously executed the package(s), Oracle can throw one of the following exceptions which will cause a processing failure.
  • ORA-04061: Existing state of string has been invalidated
  • ORA-04068: existing state of packages has been discarded
This error and the subsequent processing failure can be avoided if the attribute(s) are added at a time of minimal activity on the system.

It is also recommended to restart the RSA Identity Governance & Lifecycle application once the attributes or attributes have been added. This is particularly true if the attribute or attributes added were user attributes.