Fixed Issues in 7.2.1

Document created by RSA Information Design and Development Employee on Sep 10, 2020Last modified by RSA Information Design and Development Employee on Sep 15, 2020
Version 2Show Document
  • View in full screen mode

The following issues were fixed in RSA Identity Governance and Lifecycle version 7.2.1.

Access Certification

                                           

Issue

Description

SF-1475193

ACM-103400

Review bulk actions were not always persisted for items across all pages when comments were added or when the state of the review items was changed to NONE.

SF-1499829

ACM-102779

Review monitors with read and write privileges on a review were incorrectly able to edit and create escalations on reviews.

SF-1484596

ACM-102479

Alternate managers were able to self-review items even when the self-review option was not enabled on a review.

SF-1586270

ACM-104765

The help text for account review action buttons previously displayed help text for user access reviews. Now the correct help text is displayed.

SF-1606790

ACM-105569

The count on the view status bar is now displayed correctly based on whether the user is an admin or monitor.

SF-1438035

ACM-106042

When there were separate change requests to revoke accounts' entitlements and the account as a whole, canceling the for account entitlements reduced the account’s review progress from 100% when it should remain at 100% while the account as a whole is revoked in review.

SF-1582475

ACM-104736

The new review user interface did not display some Swedish characters properly.

SF-1278861

ACM-93485

The Backup Business Owner and Other Business Owner were not included as review monitors by default when Business Owner was selected. The system has been updated to include all types of business owners as monitors.

Access Requests

                                               

Issue

Description

SF-1022256
SF-1462122

ACM-84860

Revoking local entitlements were automatically completed by the system even when the ApplyImmediate tag was set to false. The system now correctly considers the ApplyImmediate tag when processing.

SF-1606159

ACM-105676

When a change request was created and the system restarted, if no workflow had been created and linked to the change request, the system created a request workflow based on the configuration. Previously in RSA Identity Governance and Lifecycle 7.1.1, the configuration was based on the workflow on the configuration screen. However, when using a request form with a request workflow assigned, the system did not use that assigned workflow. In 7.2.0, RSA Identity Governance and Lifecycle enabled the configuration of which request workflows to use at the role set level, and this fix takes that configuration into consideration.

SF-1556834

ACM-104089

Change requests displayed the wrong user name associated with a canceled change request message. Change requests now correctly display the user that initiated the canceled workflow job.

SF-1616174

ACM-106063

Pending submission change requests were not properly cleaned up.

SF-1587581

ACM-105533

Account names with spaces or special characters are not allowed, but migration from earlier versions did not convert the unsupported characters to underscores as expected.

SF-1381633
SF-1441562
SF-1379016
SF-1397555
SF-1546668
SF-1457040

ACM-98504

An account that was disabled and then deleted could not be recreated for a rehire because the account name already existed in the system.

SF-1604704

ACM-105756

Unable to reject approvals for application role items.

SF-1544144

ACM-103501

Hardened code to prevent duplicate out-of-office entries for a given user.

SF-1541463

ACM-104020

A user had duplicate local entitlements when activity was assigned in Manual Activities.

Account Management

               

Issue

Description

SF-1457802

ACM-102023

During attribute synchronization, AFX had updated Active Directory with the text from a command parameter mapping instead of the actual value.

ACM Security Model

                   

Issue

Description

SF-1427402

ACM-101172

The security scope pop-up did not display "Report Result: Run" or "Report Result: View Report" when there was no result generated for those reports. Now the report name is displayed in the pop-up even if a report result does not yet exist.

SF-1591275

ACM-105178

Supervisors were unable to see the details of requests created by their subordinates or others.

AFX

                           

Issue

Description

SF-1134811

ACM-85408

When a change request in an RACF connector used the $ symbol in a value, the $ symbol and everything following it was skipped during execution.

SF-1574539

ACM-104735

After AFX restarted, the settings for a connector configured with a password vault configuration did not substitute the credentials correctly.

SF-1590723

ACM-105499

Changing the response timeout for RESTful web service connectors had no effect on non-GET requests.

SF-1445248

ACM-101553

When a single work item out of multiple work items in a change request was not fulfilled by AFX, change requests were kept in the fulfillment phase and their associated workflows were flagged as stalled. The work item was fulfilled only after restarting AFX.

Attribute Synchronization

                   

Issue

Description

SF-1593127

ACM-105245

Attribute synchronization request did not generate a workflow for managed attributes, because the system closed the connection before the request was processed.

SF-1589184

ACM-104937

The strings "Contains Privileged Access" and "Business Criticality" were not localized.

Change Requests and Workflows

                                                                           

Issue

Description

SF-1492500

ACM-103314

The user interface previously allowed users to cancel change request items in a pending verification state only if the change request was in the open state and the workflows were in an active state.

SF-1549340

ACM-103619

The due date for an approval node was previously dependent on the start time of the job.

SF-1399646

ACM-102701

When an approval was rejected, the email incorrectly used the user ID instead of the ID for a dynamic role or group.

SF-1472575

ACM-103356

Clarification was needed that the "Max items per change request" setting does not affect change requests that add or remove entitlements from roles.

SF-1477172

ACM-102222

Requests with all watches closed incorrectly remained open.

SF-01599922

ACM-105347

When using the Cancel/Undoing workflow settings on the request-level workflow, when using an escalation workflow, a request could get stuck in the Canceling state.

SF-1538952

ACM-105010

Rejection of an escalation workflow could result in the Reject Items node becoming stuck.

SF-1478898

ACM-103802

An entire change request was rejected when it contained a change item related to a deleted role. This has been fixed to reject only items containing the deleted role reference.

SF-1598634

ACM-105433

Class cast exception occurred when using a selected role ID in a fulfillment node.

SF-1577028

ACM-106051

The Entitlements and Application Roles approval workflow was not triggered as expected.

SF-1592259

ACM-105056

Unable to save a hyperlink in a workflow email when the value contained a job-level variable.

SF-1537522

ACM-104940

The technical approval node email created an email with the incorrect thread name.

SF-1566993

ACM-104864

The change request milestone did not display approvals that were canceled due to escalations.

SF-1539391

ACM-103523

The Aveksa Statistics Report (ASR) displayed a larger number of pending activities than were actually pending in RSA Identity Governance and Lifecycle.

SF-1544939

ACM-103621

Admin error emails with incorrect warn-level log messages about queue depth were being sent.

SF-1557572

ACM-103996

Improved queries with large role modifications to avoid Oracle limits for the number of parameters.

Collector

                                       

Issue

Description

SF-1594887

ACM-105142

The Last Successful Collection Date was incorrectly updated after a collection was aborted, for example by the circuit breaker. This value is now updated only after a successful run.

SF-1567476
SF-1595666

ACM-104753

Running an SQL query with multiple CSV files in the group data query in Account Data Collector with the HXTT CSV Driver was getting incorrect results.

SF-1598577

ACM-105338

The Generic REST collector failed with an unexpected content-type error.

SF-1582343

ACM-104961

Optimized parsing of JSONPath for array of child elements in Generic REST EDCs.

SF-1439321

ACM-100947

The RESTful webservice connector had required a client secret when using OAUTH2 authentication. The client secret is now optional, because it is not required by OAUTH2 protocol.

SF-1589041

ACM-104046

Existing functionality for the Generic REST collector did not parse data using JSONPath for multi-level child attributes and partial match of account attributes.

SF-1561165

ACM-104088

When deleting older data runs, large groups of selected jobs are used and connections could exceed the maximum Oracle processes. This has been optimized to handle large groups of data properly.

Connector

                                       

Issue

Description

SF-1478347

ACM-103127

After importing an AFX connector, the import displayed the raw name of the connector instead of the display name.

SF-1478347

ACM-103128

When cloning a connector after changing its name, a connector with a duplicate name was created.

SF-1579875

ACM-104975

When an Active Directory account was created with a slash (/) in the account name, change requests failed with a naming exception. Processing has been fixed to handle the slash character (/) in account creation.

SF-1611994
SF-1608511

ACM-105907

During connector deployment, the substitution of connector settings of password value was not properly substituted to capability command code.

SF-1601214

ACM-105330

When using a regular expression within a RESTful connector that contained the plus (+) characte, the + was replaced by a space when saving the connector.

SF-1403423

ACM-103358

When using the Salesforce REST connector, the updateAccount command with additional parameters failed to update the new parameters on the endpoint.

SF-1553830

ACM-104033

When using Salesforce AFX connector, the proxy details to fetch the access token are not persisted, if not provided when connector is created first time.

Custom Attributes

                   

Issue

Description

SF-1587983

ACM-105009

The duplicate display names of custom attributes across objects has been fixed by prefixing them with the object name in the user entitlement search expression builder. This allows the user to pick the correct custom attribute when duplicate attributes exist.

SF-1469946

ACM-102090

Custom field pointing to an object was not usable in entitlement rules and content filters for user access reviews.

Data Collection Processing and Management

                                                   

Issue

Description

SF-1590068

ACM-104994

Scheduled unification ran even when the mandatory collector failed.

SF-1542605

ACM-104538

Deleting a collector did not clean up the t_av_job_stats data, causing data inconsistencies in the database.

SF-1564521

ACM-104148

After a supervisor's name was edited in a data source and then collected by RSA Identity Governance and Lifecycle, the new supervisor name was not shown in user records under the Supervisor field.

SF-1580538

ACM-104589

During the “Process Deleted Role Relationships” step of an indirect relationship processing run, some collections ran slowly on environments with Local Roles containing large number of entitlements and/or Collected Roles.

SF-1591514

ACM-105117

Duplicate identities were created for rehires that were moved to a different OU.

SF-1626177
SF-1628439

ACM-106467

Some SQL associated with collections defined as DB Type CSV failing with java.sql.SQLException: java.lang.ClassCastException error.

SF-1605864

ACM-105803

CSV collector did not populate some joined fields.

SF-1592985

ACM-105775

NVL function in Account Mapping queries failed when the account length was more than 20 characters.

SF-1592952

ACM-105059

The Active Directory ADC rejected group memberships for accounts with distinguishedName values larger than 256 characters.

SF-1470968

ACM-103361

Added optimizations for databases with large data sets when doing change verification tasks.

Database Management/Performance

                                           

Issue

Description

SF-1584073

ACM-104642

Optimized the database index in the rule table to improve rule pre-processing.
ACM-105383Corrected the spelling of the state name "Invalid" in the State column of the public view PV_AV_AFX_REQUEST.

SF-1554010

ACM-103944

Improvements made to business description processing.

SF-1610940

ACM-105801

ArchivePurge_Pkg failed on t_av_rules.

SF-1603892

ACM-105448

Archive purging runs erroneously converted hours to days, causing the data purge to end prematurely.

SF-1581937

ACM-105346

The ASR report "Configuration Problems" did not identify 12.2 optimizer settings. Now, ASR report generation queries are reframed dynamically to find the recommended settings for specific Oracle versions.

SF-1582473

ACM-104885

Long-running data purging became stuck during cleanup of WP_WI_ALERT.

SF-1593317

ACM-104869

The public view PV_REVIEW_DEFINITION has been updated to exclude duplicate and deleted review definitions.

Email

               

Issue

Description

SF-1610400

ACM-105875

Caching of column values caused incorrect content written into email. Caching has been removed.

Installer

               

Issue

Description

SF-1645748

ACM-107185

Upgrade Database migration failed if Database is configured with non-default Tablespace names.

Local Entitlements

                   

Issue

Description

SF-1551011

ACM-103676

Local entitlement did not appear in the total entitlements count in the directory/application.

SF-1468644

ACM-103319

A change request was unable to process the removal of a local entitlement from a deleted user.

Metadata Import/Export

               

Issue

Description

SF-1510215

ACM-102938

Business users had been unable to edit role names and description after import.

Migration

               

Issue

Description

SF-1567387

ACM-104240

When performing a migration of a very deep (multi-level node) workflow, the upgrade error ORA-01489 occurred.

Reports

                   

Issue

Description

SF-1483936

ACM-102582

After running an unscheduled report, the related email incorrectly attached the last scheduled report.

SF-1537039

ACM-103677

Aveksa Statistics Report (ASR) generation was stalling in the Generating state.

Request Forms

                   

Issue

Description

SF-1578947
SF-1587329
SF-1583489

ACM-104553

Indirect entitlements held by a user were incorrectly available for selection in request forms when the control type was set to Entitlement Table.

SF-1492188

ACM-103789

After a user set a default value for the "Drop down select" field in a request form, the Next button appeared disabled while running the form.

Role Management

                                                                                               

Issue

Description

SF-1539649

ACM-103719

After a user with non-administrator privileges clicked the Remove button to remove a role, the buttons did not refresh to say Removed as expected. This patch ensures that the buttons are correctly refreshed when the Remove button is clicked.

SF-1539762

ACM-103591

Role mining incorrectly considered deleted group membership.

SF-1539132

ACM-103354

Deleted or obsolete role versions were occasionally not properly removed from system tables.

SF-1518077

ACM-103240

Custom Attribute columns displayed an incorrect value during role analysis for suggested entitlements.

SF-1485467

ACM-102423

When exporting all roles, the entire export failed when an unexpected error occurred for any of the included roles.

SF-1134364
SF-1195336

ACM-86976

The role management history table occasionally displayed two instances of the role to change request link instead of just one.

SF-1547382

ACM-103544

RSA Identity Governance and Lifecycle handled identical change requests differently when they were made for business roles or single entitlements.

SF-1592592

ACM-105029

Change requests generated from the Role Review role did not consider Accounts, causing entitlements to be missed.

SF-1583693

ACM-104431

Incorrect calculations occurred for local role dependencies related to multi-level roles and/or disabled roles.

SF-1610264

ACM-105804

When a role import failed, exception details were not displayed.

SF-1605559

ACM-105516

The role set drop-down is now sorted by name instead of raw name.

SF-1559134

ACM-105406

Pending change requests were updated if the associated role for the change request was moved from one role set to a different role set before the change request was completed.

SF-1575075

ACM-104536

A user was not removed from all nested roles when the user was removed from a parent role in the Members tab.

SF-1604855

ACM-105662

Change request creation failed because of a size limitation when bulk removing a user from a large number of roles, either by revoking them through a rule or explicitly requesting to remove them.

SF-1464633

ACM-101822

Users were able to see missing entitlements assigned to a user through a role, even after processing the Role Missing Entitlement Rule, because it was not recalculating required metrics.

SF-1467613

ACM-102474

After importing application metadata, the business and technical owners were not properly updated.

SF-1508343

ACM-102991

Unexpected behavior occurred when technical roles had a cyclic dependency.

SF-1543705

ACM-103471

After adding groups with the same name from different applications or directories to a role, the role remained with only one group.

SF-1561439

ACM-104041

Roles that were assigned to removed role sets were unable to be viewed or modified by the role owners, if the roles were moved to other role sets but not committed.

SF-1564610

ACM-104162

Role preview changes showed the wrong items when a role set was modified in a role.

SF-1563101

ACM-104295

Role import did not resolve business sources for groups collected from an MAADC, and the role export XML file did not have the application name attribute for group entitlements.

Rules

                                                       
IssueDescription

SF-1491818

ACM-103345

In segregation of duty (SoD) rule workflows, the decision node did not correctly transition to the true condition.

SF-1419233

ACM-100266

Unable to change the status of a rule when the rule action to send email contained deleted users.

SF-1470661

ACM-102053

User coverage in Segregation of Duties (SoD) rules did not filter users with a null attribute value.

SF-1478081

ACM-102303

After editing a joiner rule, the workflow reference was reset to the default out-of-the-box workflow.

SF-1419556

ACM-98823

Optimized queries related to violation tables to improve rendering.

SF-1442843

ACM-103662

SOD rules failed due to a data type conflict.

SF-1615486

ACM-106007

Rules pre-processing was triggered twice when a collector was triggered with an identity collector and unification. However, two rule pre-processing events cannot exist in the queue in a New or Running state at any point of time.

SF-1382707

ACM-98587

User access and SOD rules created incorrect violation and change requests when a user was a part of a group's child sub-group. The incorrect change request was created to remove the subgroup's account from the parent group. This patch ensures that the violation and change items are correctly created to remove the account from the sub-group.

SF-1419556

ACM-99901

Improved query performance when retrieving Rule Violation Data.

SF-1540199

ACM-103519

An Advance query in the search expression dialog that had the “IN” condition with multiple values resulted in an invalid relational operator error.

SF-1547928

ACM-103574

The Role Missing Entitlement Rule created a change request with duplicate items.

Security

               

Issue

Description

SF-1618107

ACM-106164

In workflow emails, hyperlinks that contain a dynamic workflow variable were removed.

Server Core

               

Issue

Description

SF-1595163

ACM-105321

Updated the Apache Tomcat library to address a vulnerability.

User Interface

                                       

Issue

Description

SF-1488517

ACM-102504

After importing a database from another system, the workflow monitoring tab displayed both the current node name and the original node name.

SF-1512524

ACM-104556

A "request could not be handled" error occurred when editing some groups.

SF-1576856

ACM-104507

The date format under AdminWorkflowMonitoringQueues now displays the same date format as is configured under the User option.

SF-1546960

ACM-103552

In the latest version of Firefox, frames in the user interface was sometimes reduced to a smaller area with scroll bars.

SF-1602260
SF-1603131

ACM-105500

When displaying change requests that had an Escalation the Requests screen displayed an error in the first column when the Escalations column was used.

SF-1587708

ACM-104907

The All tab under User > Requests only displayed pending requests and not completed requests.

SF-1547373

ACM-103542

After creating a change request, if a user browses away from the page or closes the window before submitting, the pending change request submission was not visible in the user's UI until logging in a second time.
You are here
Fixed Issues in 7.2.1

Attachments

    Outcomes