000038959 - Rejecting Approval of an Application Role Change Request item fails in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 10, 2020Last modified by RSA Customer Support Employee on Jun 18, 2020
Version 6Show Document
  • View in full screen mode

Article Content

Article Number000038959
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0 , 7.1.1, 7.2.0
 
IssueWhen performing approvals (Requests > Approvals > {Approval name} > Perform), an attempt to reject an application role request fails. After selecting Rejected > OK to reject the application role change, the page loads back to the previous page and the Approval is still waiting to be performed.
 
User-added image




User-added image


The Approval Workflow (Requests > Workflows > Approval tab > {Approval Workflow name}) is properly set up with an activity node configured for either Add app-role to account or Add app-role to user and a transition that allows individual change items to be rejected.


EXAMPLE

In the following example the approval workflow has activity nodes for Add ent to account, Add app-role to account and Add group to account and each activity node has the option to reject individual change request items. Note that the rejection of an Add ent to account and an Add group to account works correctly. It is only the Add app-role to account and Add app-role to user conditions that have this issue.

 
User-added image


Each approval activity node is configured as below to allow individual rejection of change items:
 
User-added image

 

The following error is logged to the aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log)




05/29/2020 03:07:49.986 ERROR (default task-24) [com.aveksa.server.workflow.WorkflowWorkItem]
No grouping found for the job 337

Please refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log file for your specific deployment if you are on a WildFly cluster or a non-WildFly platform. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs.)
 
CauseThis is a known issue reported in engineering ticket ACM-105756.
 
ResolutionThis issue is being investigated by the Engineering team in order to provide a permanent resolution in a future release.
 
Workaround
  1. Edit the Approval Workflow (Requests > Workflows > Approval tab > {Approval workflow name}) and select and deselect the checkbox for the following option:

Follow this transition when a workflow form is automatically completed



  1. Then save the workflow.

User-added image



 

Attachments

    Outcomes