000031077 - Group entitlements missing from Roles after upgrading to RSA Via Lifecycle and Governance (L&G) 6.9.1 P02 or P03

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000031077
Applies ToRSA Product Set:  RSA Via Lifecycle and Governance
RSA Version/Condition:  6.9.1 P02 and P03

IssueActive Directory (AD) and Resource Access Control Facility (RACF) group entitlements that belong to roles are missing and cannot be added back.  The screen shot below shows the issue.
User-added image
CauseUpgrading to RSA Via L&G 6.9.1 P02 or P03 causes data corruption. This problem does not occur when going directly to P04. 
ResolutionTo fix this issue, upgrade to Via L&G 6.9.1 P07.  In case of collected roles, running the collections would bring back the role entitlements after patch deployment.
For local roles applying P07 will not bring back the entitlements since there is no collection run.  To bring back the missing entitlements, execute the attached SQL script as avuser using SQL*Plus.  It is critical to use SQL*Plus rather than some other SQL tool, as the script file contains WHENEVER directives to prevent corruptions due to an interrupted transaction.
To execute the script,
     1.  Login to the server as the oracle user.
     2.  Transfer the attached
ACM-55365_DevFix_691_P03_V4.sql script file to /home/oracle.
     3.  Stop RSA Via L&G.

$ acm stop

     4.  Connect to SQL*Plus as 'avuser' and run the script

$ sqlplus avuser/<avuser-password>
SQL> @ACM-55365_DevFix_691_P03_V4.sql

     5.  Start RSA Via L&G
$ acm start
WorkaroundCurrently there is no workaround for local roles to bring back the missing entitlements.  The SQL script file must be run in order for this issue to be resolved.