000039243 - Performance issues seen when processing Role modifications in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Aug 18, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039243
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1, 7.0.x, 7.1.x, 7.2.0
 
IssuePerformance issues are seen when committing Role modifications. (Roles > Roles > {Role name} > Apply Changes).
 
CauseThis is a known issue reported in engineering ticket ACM-98267.

To verify if you have this issue, run the following two queries as AVUSER:

select count(*) from t_av_roleversions rv
where state in ('TN', 'T', 'R', 'CR', 'CC', 'UD') -- All other States are for Pending RoleVersions
   -- If there is no corresponding Role:
   and not exists (select 1 from t_av_roles r
                    where r.deletion_date is null and r.id = rv.role_id)
   -- If there is no CRI that uses it as VALUE or OPERATOR:
   and not exists (select 1 from t_av_change_request_details cri
                    where cri.value_type = 'PR'
                      and cri.value_id = rv.roleversion_id)
   and not exists (select 1 from t_av_change_request_details cri
                    where cri.operand_type = 'PR'
                      and cri.operand_id = rv.roleversion_id);


and



select count(*) from t_av_model_explodeduserents m
where (role_type = 'P' and
        not exists (select 1 from t_av_roleversions rv where rv.roleversion_id = m.role_id))
    or (role_type = 'C' and
        not exists (select 1 from t_av_roles r where r.deletion_date is null and r.id = m.role_id));


If either query returns positive values, you have this issue.
 
ResolutionThis issue is resolved in the following RSA Identity Governance & Lifecycle patch levels: 
  • RSA Identity Governance & Lifecycle 7.1.1 P07
  • RSA Identity Governance & Lifecycle 7.2.0 P02

 

Attachments

    Outcomes