Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000038621 - Objects previously collected by Account Collectors and Entitlement Collectors in 6.x are rejected in 7.x of RSA Identity Governance & Lifecycle

Document created by RSA Customer Support

on Mar 24, 2020

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000038621
Applies To	RSA Product Set: RSA Identity Governance & Lifecycle RSA Version/Condition: 6.x, 7.x
Issue	Objects previously collected by Account Collectors (ADCs) and Entitlement Collectors (EDCs) in 6.x are rejected in 7.x of RSA Identity Governance & Lifecycle. The following example illustrates this issue. Application XYZ has two Account Collectors: ADC1 and ADC2. ADC1 collects a group name called Group_RSA. ADC2 also collects a group name called Group_RSA. The first collector to run (ADC1), will collect the group Group_RSA. The second collector to run (ADC2), will reject group Group_RSA. The data run for the ADC2 collector has the following admin error: EC[251] Context[RunID=25294, ADC(Name=ADC2, ID=68)] Message[Reference resolutions failed.] Prior to RSA Identity Governance & Lifecycle 7.0, the second collector would not reject the duplicate group name. As a result, there would be a duplicate group name in Application XYZ called Group_RSA, one group collected by ADC1 and one group collected by ADC2.
Cause	This was an intentional design change introduced in RSA Identity Governance & Lifecycle 7.0 to avoid duplicate object names (accounts, groups, and entitlements) within the same application.
Resolution	Each collector within the same application space must collect unique object names. This behavior is documented on page 26 of the RSA Via Lifecycle and Governance V7.0 Release Notes under Data Quality Enhancements, Duplicate Objects: In previous versions, two collectors could collect the same object, for instance an entitlement with the same name could be collected for an application. The system would then show duplicate entitlements. A collector can now only collect an object for an application if there is no other existing object of the same name and same type that already has been collected for the application. This behavior is also referred to in the RSA Identity Governance & Lifecycle Upgrade and Migration Guide for each 7.x version as a Pre-Upgrade Task under Changes to Data Collections: Duplicate objects are no longer allowed within an application namespace. Previously, duplicate objects were not allowed within a collector, and as a result more than one collector was allowed to collect the same entitlement for an application.

Attachments

Outcomes

0 Comments

Recommended Content