The email template variable "isReviewActionable" is no longer relevant and has been removed.
Role Reviews with multiple overlapping reviewers had change request generation issues.
Revoke Request could not be created when notes exceeded 256 characters.
The custom attributes column order was different than the order of the column in the query. This is also fixed for the Approval > By Entitlements tab.
Corrected the behavior to consider all the roles involved in a bulk commit of entitlement removals from roles while generating indirect entitlements.
Change request creation failed when there was more than one Provisioning Command (Non-Visual) field in a request form.
During ASR report generation, if the collector definition had an invalid password setting then a decryption error occurred.
After user authentication, the AFX menu is disabled. This occurs intermittently but when it occurs the user must log out and re-authenticate.
Change Requests and Workflows
Entitlement type was set to "Owner" instead of "Account" when a change request was submitted via Web Services.
Revert Changes option was not working for both add/delete group from role.
Improved Change Request generation time when removing users from roles.
Apostrophe in role name leads to change request with SQLSyntaxErrorException: ORA-00907: missing right parenthesis.
Fixed the Intermittent deletion of SQL Queries under SQL Nodes in a Workflow job.
Out of Office delegation picked removed members of a Role/Group, if a group/role is assigned for change request approval activity and the deleted member is Out of Office.
When the Change Request description reached maximum size, if AFX tried to update the description it would repeatedly retry and fail until the size was reduced. AFX handles the description update within the size limit now.
On initialization of a Generic REST collector connection, the property key for setting and getting the proxy credentials was ignored when it did not match the collector settings. The property keys used to obtain proxy settings are now synced and used during initialization.
In the Workday collector, when connecting to the Workday instance, the configured proxy settings were overwritten by the latest CXF library. The proxy settings are now retained.
In the CSV Account Collector, when running a test collection with an empty CSV file, a stack overflow error was not properly handled.
SF – 01657878
ADC & MAADC rejection SQL was optimized for better performance.
When ADC and EDC collectors did not run according to schedule, they were also not saved correctly after creation .
AD Collectors failed if certificates were selected in the UI using a DNS server with multiple domain controllers as each time the DNS server may point to a different domain controller with a different certificate.
In the Generic REST collector, if the mapped attribute JSONPath did not have a value in the response then it collected the wrong value.
SSH sessions were sometimes not closed after executing commands in the SSH connector.
SQL queries were tuned by adding indexes to improve performance.
Dashboard fact "System Admin: Admin Errors" showed the incorrect error count. It included deleted admin errors.
Data Collection Processing and Management
Identity and Metadata collectors showed the incorrect "Last Successful Collection Date".
Improved performance of SQL involved with rendering collector Raw Data tabs.
Identity Collectors were getting delayed on the change verification step.
SF-01678013, 01680801, 01688675, 01690672
For 7.2.1, rules that involve picking global roles have been updated to use advanced role pickers. With that, the earlier rule definitions had to be migrated to the new format.
Migration however failed when there were special characters in the role names.
Migration took six hours to complete on ACM-102938.sql.
A null pointer exception observed while using multiple Provisioning Commands (Non-Visual) is now handled.
Translation was missing for Request form title
Request form 'Next' button was grayed out when a display script was generated for non-visual entitlement tables.
Role import was not using application references to resolve the group entitlements of a role. Groups with similar names in multiple business sources were being confused when importing roles if a similar group was added as role entitlement.
Suggested Members Functionality showed multiple rows.
UINC/UOOC Rules were activated if there were actions on membership rules. Otherwise, they were deactivated.
Business and Technical Roles did not display as part of 'Suggested' or 'Optional' entitlements on the Activity UI.
The "Business Owner" is replaced with "Business Unit Business Owner" for Rule remediation node in workflow.
The "Assigned Remediators" column is showing the respective remediator name on Violation Details dialog for all Rules pages.
A User Access Rule detected violations for deleted group members if the group was part of the entitlement condition.
Termination Rule ignored the disabled roles and the entitlements underneath the role while revoking access from the terminated users.
In SecurityContext.csv, “Change Request,Subordinates..” has been removed to improve performance of request page loading. Supervisors can now view their subordinates' request details through the UI.
To address the vulnerability CVE-2020-13935, the tomcat version was upgraded from apache-tomcat-7.0.104 to apache-tomcat-7.0.106.
'Basic Constraint' extension of aveksa_ca cert was not flagged as critical, making the certificate non-complaint with the RFC-5280 standard.
The IHS Plugin for Websphere 188.8.131.52 and later rejected IG&L requests due to strict enforcement of RFC-5280 standard on certificates.