Fixed Issues in 7.2.0.02

Document created by RSA Information Design and Development Employee on Jul 1, 2020Last modified by RSA Information Design and Development Employee on Aug 20, 2020
Version 6Show Document
  • View in full screen mode

The following issues were fixed in RSA Identity Governance and Lifecycle version 7.2.0.02.

Access Certification

                               

Issue

Description

SF-1278861

ACM-93485

The Backup Business Owner and Other Business Owner were not included as review monitors by default when Business Owner was selected. The system has been updated to include all types of business owners as monitors.

SF-1582475

ACM-104736

The new review user interface did not display some Swedish characters properly.

SF-1546412

ACM-103907

The 'Account Name' and 'Name' columns were blank for entitlements displayed under the 'Existing Entitlements for Accounts that will be enabled' table on the change request detail page. The query has been fixed to fetch these column values.

SF-1475193

ACM-103400

Review bulk actions were not always persisted for items across all pages when comments were added or when the state of the review items was changed to NONE.

SF-1493778

ACM-103090

A user was incorrectly able to select multiple users from a deletion request, because the table was not properly cleared when navigating back and forth.

Access Requests

                               

Issue

Description

SF-1544144

ACM-103501

Hardened code to prevent duplicate out-of-office entries for a given user.

SF-1541463

ACM-104020

A user had duplicate local entitlements when activity was assigned in Manual Activities.

SF-1544032

ACM-103663

Rejection of a change item through approval did not update the review item from which it was generated. Review items are now updated in the cases of change item or request cancellation.

SF-1488440

ACM-103055

When a user logged in with same user ID in multiple windows of the same browser to access the application, a "request could not be handled" message appeared while performing actions on Role and Review pages. This issue has been addressed as part of this ticket. Now users can access multiple browser windows with the same login without any error messages.

SF-1022256
SF-1462122

ACM-84860

Revoking local entitlements were automatically completed by the system even when the ApplyImmediate tag was set to false. The system now correctly considers the ApplyImmediate tag when processing.

Account Management

                   

Issue

Description

SF-1236222

ACM-95381

Import of account mappings failed with a UTF-8 encoded import file. This patch ensures that UTF-encoded files are handled correctly.

SF-1457802

ACM-102023

During attribute synchronization, AFX had updated Active Directory with the text from a command parameter mapping instead of the actual value.

ACM Security Model

                   

Issue

Description

SF-1591275

ACM-105178

Supervisors were unable to see the details of requests created by their subordinates or others.

SF-1427402

ACM-101172

The security scope pop-up did not display "Report Result: Run" or "Report Result: View Report" when there was no result generated for those reports. Now the report name is displayed in the pop-up even if a report result does not yet exist.

AFX

                           

Issue

Description

SF-1441515

ACM-101678

Error management for the Unauthorized (401) error in AFX authentication has been improved.

SF-1134811

ACM-85408

When a change request in an RACF connector used the $ symbol in a value, the $ symbol and everything following it was skipped during execution.

SF-1026617

ACM-80377

The system sent two password available emails for a single change request item, because an email was triggered after change request item completion and again after change request completion.

SF-1445248

ACM-101553

When a single work item out of multiple work items in a change request was not fulfilled by AFX, change requests were kept in the fulfillment phase and their associated workflows were flagged as stalled. The work item was fulfilled only after restarting AFX.

Attribute Synchronization

                   

Issue

Description

SF-1589184

ACM-104937

The strings "Contains Privileged Access" and "Business Criticality" were not localized.

SF-1593127

ACM-105245

Attribute synchronization request did not generate a workflow for managed attributes, because the system closed the connection before the request was processed.

Change Requests and Workflows

                                                       

Issue

Description

SF-1539391

ACM-103523

The Aveksa Statistics Report (ASR) displayed a larger number of pending activities than were actually pending in RSA Identity Governance and Lifecycle.

SF-1537522

ACM-104940

The technical approval node email created an email with the incorrect thread name.

SF-1566993

ACM-104864

The change request milestone did not display approvals that were canceled due to escalations.

SF-1557572

ACM-103996

Improved queries with large role modifications to avoid Oracle limits for the number of parameters.

SF-1544939

ACM-103621

Admin error emails with incorrect warn-level log messages about queue depth were being sent.

SF-1478898

ACM-103802

An entire change request was rejected when it contained a change item related to a deleted role. This has been fixed to reject only items containing the deleted role reference.

SF-1555836

ACM-103840

The security improvement to remove parameters for architect processes from the URL did not handle the situation in which the default ports 80 and 443 were removed from the browser but the application server provided them to the user interface, which prevented iframe communication from matching.

SF-1549667

ACM-103680

When a pending account had dependencies in another change request, and the pending account's change request was rejected by the approver, all of the items other than the pending account were rejected, and the pending account was provisioned.

SF-1549340

ACM-103619

The due date for an approval node was previously dependent on the start time of the job.

SF-1399646

ACM-102701

When an approval was rejected, the email incorrectly used the user ID instead of the ID for a dynamic role or group.

SF-1277727

ACM-98931

Accessing workflows using an HTTP proxy caused the application to continuously load the workflows.

Collector

                                   

Issue

Description

SF-1598577

ACM-105338

The Generic REST collector failed with an unexpected content-type error.

SF-1582343

ACM-104961

Optimized parsing of JSONPath for array of child elements in Generic REST EDCs.

SF-1589041

ACM-104046

Existing functionality for the Generic REST collector did not parse data using JSONPath for multi-level child attributes and partial match of account attributes.

SF-1567476
SF-1595666

ACM-104753

Running a SQL query with multiple CSV files in the Group Data Query for an Account Data Collector with HXTT CSV driver yielded incorrect results.

SF-1439321

ACM-100947

The RESTful webservice connector had required a client secret when using OAUTH2 authentication. The client secret is now optional, because it is not required by OAUTH2 protocol.

SF-1346911

ACM-97132

Could not change or update collectors when using a language other than English.

Connector

                                                   

Issue

Description

SF-1553830

ACM-104033

When using Salesforce AFX connector, the proxy details to fetch the access token are not persisted, if not provided when connector is created first time.

SF-1549028

ACM-103699

When trying to delete a cloned connector, the following error appeared: "Unable to Delete Connector."

SF-1403423

ACM-103358

When using the Salesforce REST connector, the updateAccount command with additional parameters failed to update the new parameters on the endpoint.

SF-1545433

ACM-103479

The REST connector login capability did not use input parameters when generating a session token.

SF-1545433

ACM-103478

The REST connector did not use the Accept header as expected to accept all content types.

SF-1545433

ACM-103477

In the AFX DB connector capabilities, the display of input parameter popup for SQL commands has been handled.

SF-1545433

ACM-103476

The REST connector used returned set-cookie headers in subsequent calls, resulting in failed login attempts.

SF-1545433

ACM-103475

The REST connector was adding unnecessary, unconfigured HTTP headers to configured capabilities.

SF-1545433

ACM-103474

Improved security of REST connector parameters.

SF-1545433

ACM-103473

While creating a REST connector, the application added an extra output parameter pattern after saving the connector.

Custom Attributes

               

Issue

Description

SF-1469946

ACM-102090

Custom field pointing to an object was not usable in entitlement rules and content filters for user access reviews.

Data Collection Processing and Management

                                           

Issue

Description

SF-1605864

ACM-105803

CSV collector did not populate some joined fields.

SF-1592985

ACM-105775

NVL function in Account Mapping queries failed when the account length was more than 20 characters.

SF-1470968

ACM-103361

Added optimizations for databases with large data sets when doing change verification tasks.

SF-1554999

ACM-103813

When an account was a direct member of both a parent group and one of its sub-groups, a change item to remove the account from the parent group was verified only after removing the account from the sub-group.

SF-1551032

ACM-103697

After deleting a collector, the entitlement count in the "Total Entitlements" column displayed the same number of entitlements as before the deletion.

SF-1548558

ACM-103575

The role data collector counted extra rejected role membership from all role collector runs.

SF-1537490
SF-1574041
SF-1566464
SF-151295

ACM-103555

Unification did not properly update the Terminated Flag for a user causing Termination Rule to not work properly.

SF-1451627

ACM-101993

Indirect relationship processing runs took increasingly longer amounts of time on each subsequent day.

Database Management and Performance

                       

Issue

Description

SF-1593317

ACM-104869

The public view PV_REVIEW_DEFINITION has been updated to exclude duplicate and deleted review definitions.

SF-1582473

ACM-104885

Long-running data purging became stuck during cleanup of WP_WI_ALERT.

SF-1561165

ACM-104088

When deleting older data runs, large groups of selected jobs are used and connections could exceed the maximum Oracle processes. This has been optimized to handle large groups of data properly.

Metadata Import/Export

               

Issue

Description

SF-1510215

ACM-102938

Business users had been unable to edit role names and description after import.

Reports

               

Issue

Description

SF-1537039

ACM-103677

Aveksa Statistics Report (ASR) generation was stalling in the Generating state.

Request Forms

                   

Issue

Description

SF-1492188

ACM-103789

After a user set a default value for the "Drop down select" field in a request form, the Next button appeared disabled while running the form.

SF-1474124

ACM-102221

When the a form filter contained a variable to resolve in view/edit cases, when there was no valid context to resolve the variables, SQL errors appeared in the logs.

Role Management

                                                                   

Issue

Description

SF-1508343

ACM-102991

Unexpected behavior occurred when technical roles had a cyclic dependency.

SF-1563101

ACM-104295

Role import did not resolve business sources for groups collected from an MAADC, and the role export XML file did not have the application name attribute for group entitlements.

SF-1543705

ACM-103471

After adding groups with the same name from different applications or directories to a role, the role remained with only one group.

SF-1564610

ACM-104162

Role preview changes showed the wrong items when a role set was modified in a role.

SF-1561439

ACM-104041

Roles that were assigned to removed role sets were unable to be viewed or modified by the role owners, if the roles were moved to other role sets but not committed.

SF-1539649

ACM-103719

After a user with non-administrator privileges clicked the Remove button to remove a role, the buttons did not refresh to say Removed as expected. This patch ensures that the buttons are correctly refreshed when the Remove button is clicked.

SF-1551679
SF-1559555

ACM-103698

Role Set Technical Owner/Other Technical Owner and Business Owner/Other Business Owner were unable to take bulk actions on their roles under Roles > Roles > Actions.

SF-1539762

ACM-103591

Role mining incorrectly considered deleted group membership.

SF-1486823
SF-1503678

ACM-102913
ACM-102552

Automatically generated revocation change requests for a role did not include role entitlements.

SF-1492099

ACM-102686

A change request to remove a user from several business roles completed but did not remove the user's access.

SF-1486823
SF-1503678

ACM-102913
ACM-102552

Automatically generated revocation change requests for a role did not include role entitlements.

SF-1467613

ACM-102474

After importing application metadata, the business and technical owners were not properly updated.

SF-1464633

ACM-101822

Users were able to see missing entitlements assigned to a user through a role, even after processing the Role Missing Entitlement Rule, because it was not recalculating required metrics.

SF-1380668

ACM-98267

The purging process now includes clean-up of abandoned RoleVersions.

Rules

                                           
IssueDescription

SF-1419556

ACM-99901

Improved query performance when retrieving Rule Violation Data.

SF-1382707

ACM-98587

User access and SOD rules created incorrect violation and change requests when a user was a part of a group's child sub-group. The incorrect change request was created to remove the subgroup's account from the parent group. This patch ensures that the violation and change items are correctly created to remove the account from the sub-group.

SF-1547928

ACM-103574

The Role Missing Entitlement Rule created a change request with duplicate items.

SF-1540199

ACM-103519

An Advance query in the search expression dialog that had the “IN” condition with multiple values resulted in an invalid relational operator error.

SF-1491818

ACM-103345

In segregation of duty (SoD) rule workflows, the decision node did not correctly transition to the true condition.

ACM-103184

 

A rule incorrectly tried to disable accounts without entitlements that were still pending or had in-progress change requests.

ACM-100858

When an entitlement explained by a role was in violation, the remediation action was performed on the entitlement instead of the role. With this patch, remediations on violations of entitlements explained by roles are performed on the role.

SF-1396248

ACM-99164

A change request contained a violation even after the violating entitlement was removed from the role.

Security

               

Issue

Description

SF-1430739

ACM-101433

When performing a key rollover/re-encryption, the collector or connector passwords were not re-encrypted with the latest keys until the collector or connector was re-saved from the user interface, even when the option to re-encrypt stored data was selected.

Server Core

                       

Issue

Description

SF-1554196

ACM-103947

System status notification events that were not processed before a restart were ignored and the indicator was not shown until the next occurrence.

SF-1550424

ACM-103701

The pruning process did not include canceled events.

SF-1453631

ACM-101881

The database SID and server name were logged into the T_ARCHIVE table as part of the archive process by reading the details from Aveksa_System.cfg. The Aveksa_System.cfg file is not available in WebSphere and WebLogic environments, so changes have been made to read the SID and server name directly from the database.

User Interface

                               

Issue

Description

SF-1587708

ACM-104907

The All tab under User > Requests only displayed pending requests and not completed requests.

SF-1547373

ACM-103542

After creating a change request, if a user browses away from the page or closes the window before submitting, the pending change request submission was not visible in the user's UI until logging in a second time.

SF-1560037

ACM-104001

The user interface now adjusts the size of select boxes to display selected text properly.

SF-1552651

ACM-103727

The table options dialog box displayed a horizontal scroll bar when the text was longer than the dialog width. Longer lines of text are now wrapped to prevent the need for horizontal scrolling.

SF-1540572

ACM-103430

The Activities breadcrumb in My Activities did not work as expected.

Web Services

                       

Issue

Description

SF-1546972

ACM-103586

Requests submitted using the createChangeRequest web service did not show violations when failOnViolation was set to false.

SF-1543914

ACM-103573

Calling the createChangeRequest web service did not work as expected from workflows.

SF-1440066

ACM-101501

The updateReviewItems web service did not work correctly for a user with multiple accounts.
Previous Topic:Fixed Issues
You are here
Fixed Issues in 7.2.0.02

Attachments

    Outcomes