Opening a pop-up for a deleted object in a review displays object entitlement details for the object.
A role review always showed the committed state even though the latest role definition (not committed) had been picked up in the role review. Now the current role state is shown in the role review.
Role review results display incorrect count totals for members and entitlements. The actual number of members and entitlements in the review are correct, but the total counts are wrong. This occurs when a member or entitlement is deleted from a local role and then added back to the role.
You can now configure a group review definition to make bulk actions available for the members and entitlements tabs in a group review.
In the review escalation workflow, when the review state is changed to 'Complete', the system now also changes the review state to complete.
Bulk actions did not work on account entitlements in an account review.
The product has been updated to construct a URL link to data resource reviews and data ownership reviews. Previously only null URLs were generated for those reviews.
A runtime exception prevented the ability to sign off on a group in a group review.
Account names with spaces/special characters are not allowed, however migration from earlier versions did not convert the existing data to underscores.
Suppressed invalid mule warning: “We are looking into adding support for this JDK version. Use it at your own risk.”
AFX was deleting an account before deleting the associated entitlements, which caused failures. Fulfillment order is now maintained for accounts.
Change Requests and Workflows
A REST connector within a workflow provisioning node failed to generate a session token.
Large amounts of workflow data caused a numeric overflow error. Workflows have been extended to handle this issue
Purging now includes the additional unused data associated with change requests that are waiting for dependencies.
Characters such as '&', '>' '<' etc. are treated differently in XML based SOAP connectors. These characters are now encoded in input values before the SOAP payload is created.
Scheduled pending submission cleanup jobs fail intermittently with error ‘ORA-02292: integrity constraint (AVUSER.FK_CRDETAIL_DEPENDENCY_CRI_ID) violated - child record found’.
Email nodes now support imbedded base64 images.
Null pointer exceptions are now handled while workflow watch processing of workflow job data is erased by purge schedule.
AirWatch connector test failed with a timeout due to an unhandled error when the profile value was null.
Duplicate resources were created when trying to match a name with a fully qualified name.
The sub-select clause displays a warning message during data collector queries.
The generic REST account data collector mapped attribute values to the wrong account when the mapped attribute was null in the response.
While configuring LDAP collectors using SSL, LDAP server certificate host name validation was incorrectly coded to be case sensitive.
The RESTful connector did not properly escape double quotes and was not handled when the header contained content-type = application/json;charset=UTF-
ServiceNow connector failed while running capabilities due to conflicts in the Apache cxf libraries.
On initialization of the generic REST collector connection, the property key for setting and getting the proxy credentials from the collector settings did not match, causing the proxy settings to be ignored in the connection.
Role membership capabilities were added for AFX connectors under the role category.
Data Collection Processing and Management
Some SQL associated with collections defined as DB Type CSV fails with java.sql.SQLException: java.lang.ClassCastException error.
The CSV collector was failing to collect some outer left join fields.
Identity and metadata collectors showed an incorrect “Last Successful Collection Date”.
Security context queries have been optimized for permissions related to role membership on large datasets.
Email approvals from an Outlook client resulted in "reply could not be understood" message in IG&L.
When editing an email template from the workflow, the HTML was improperly sanitized of HTML head and body tags.
Database-only installation failed if install directories were not created with appropriate umask in place.
Some form filters displayed null values when a user switched from ‘Advance’ to ‘Simple’ mode.
The request form field filter with business source picker failed after upgrade.
Total entitlement counts were not getting updated under Directory/Applications to include local entitlements.
Importing rules failed if Ruleset Name and Rule Set Raw Name were different. Importing Rule now only uses the Rule Set Raw Name as the identifying unique ID.
Code failed to handle errors associated with importing deleted attribute sync mappings.
In Report > Charts when the Show percent values option was deselected, the absolute number values were displayed in both preview and actual charts without any invalid message.
Changes to ACL role set attributes were not reflected until the user changed the tab or reentered the page.
During SOD role processing, the error, "unable to get a stable set of rows" sometimes occurred while populating violation data.
Duplicate change requests were created with Provisioning Termination rule for the ‘Revoke Entitlements’ action if the rule ran multiple times for the same user.
The roles 'business-role' and 'technical-role' were not listed in entitlement modelling of the joiner/mover rule. This only occurred when the role-set is added as an entitlement filter condition.
When the “Attribute Change” rule was fixed to add users, the change request also created a ‘System’ User. The system user is no longer created.
If a termination rule was triggered while a change request was being created, the fulfilment date shown was the previous days.
User details were missing in the attribute sync change request.
Advance search for connectors failed for connector state or status.
Email approvals from Outlook client resulted in "reply could not be understood" in IG&L.