|Applies To||RSA Product Set: RSA Via Lifecycle and Governance|
RSA Version/Condition: 6.9.1 P02 and P03
|Issue||Active Directory (AD) and Resource Access Control Facility (RACF) group entitlements that belong to roles are missing and cannot be added back. The screen shot below shows the issue.|
|Cause||Upgrading to RSA Via L&G 6.9.1 P02 or P03 causes data corruption. This problem does not occur when going directly to P04.|
|Resolution||To fix this issue, upgrade to Via L&G 6.9.1 P07. In case of collected roles, running the collections would bring back the role entitlements after patch deployment.|
For local roles applying P07 will not bring back the entitlements since there is no collection run. To bring back the missing entitlements, execute the attached SQL script as avuser using SQL*Plus. It is critical to use SQL*Plus rather than some other SQL tool, as the script file contains WHENEVER directives to prevent corruptions due to an interrupted transaction.
To execute the script,
1. Login to the server as the oracle user.
2. Transfer the attached ACM-55365_DevFix_691_P03_V4.sql script file to /home/oracle.
3. Stop RSA Via L&G.
$ acm stop
4. Connect to SQL*Plus as 'avuser' and run the script
$ sqlplus avuser/<avuser-password>
5. Start RSA Via L&G
$ acm start
|Workaround||Currently there is no workaround for local roles to bring back the missing entitlements. The SQL script file must be run in order for this issue to be resolved.|