000038621 - Objects previously collected by Account Collectors and Entitlement Collectors in 6.x are rejected in 7.x of RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Mar 24, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038621
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.x, 7.x
IssueObjects previously collected by Account Collectors (ADCs) and Entitlement Collectors (EDCs) in 6.x are rejected in 7.x of RSA Identity Governance & Lifecycle.

The following example illustrates this issue.

Application XYZ has two Account Collectors: ADC1 and ADC2. ADC1 collects a group name called Group_RSA. ADC2 also collects a group name called Group_RSA. The first collector to run (ADC1), will collect the group Group_RSA. The second collector to run (ADC2), will reject group Group_RSA. The data run for the ADC2 collector has the following admin error:

EC[251] Context[RunID=25294, ADC(Name=ADC2, ID=68)] Message[Reference resolutions failed.]

Prior to RSA Identity Governance & Lifecycle 7.0, the second collector would not reject the duplicate group name. As a result, there would be a duplicate group name in Application XYZ called Group_RSA, one group collected by ADC1 and one group collected by ADC2.
CauseThis was an intentional design change introduced in RSA Identity Governance & Lifecycle 7.0 to avoid duplicate object names (accounts, groups, and entitlements) within the same application.
ResolutionEach collector within the same application space must collect unique object names.
This behavior is documented on page 26 of the RSA Via Lifecycle and Governance V7.0 Release Notes under Data Quality Enhancements, Duplicate Objects:

In previous versions, two collectors could collect the same object, for instance an entitlement with
the same name could be collected for an application. The system would then show duplicate

A collector can now only collect an object for an application if there is no other existing object of the
same name and same type that already has been collected for the application.

This behavior is also referred to in the RSA Identity Governance & Lifecycle Upgrade and Migration Guide for each 7.x version as a Pre-Upgrade Task under Changes to Data Collections:  

Duplicate objects are no longer allowed within an application namespace. Previously, duplicate objects
were not allowed within a collector, and as a result more than one collector was allowed to collect the
same entitlement for an application