000028181 - KB-1212 Known issues/Limitations of ACM 3.6.3

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000028181
Applies ToAffected Versions: 3.6.X
ResolutionKnown Issues and Limitations.
This document lists known issues in Aveksa Compliance Manager v3.6.3 that will be fixed in a future release.
Data Collectors
Extra scheduled collection (3291) - A scheduled collection occurs one more time after the schedule has been disabled.
Unable to collect multiple owners (4226) - Data collectors for LDAP data sources cannot collect multiple user group owners.
Data is not correctly synchronized (5120) - Data collection is not synchronized correctly if collections overlap. Provide an adequate interval between collection runs to avoid the problem.

Email Templates
Email template incorrectly includes previously specified recipients (4395) - When a user who is configuring an email template from an existing template reverts back to the first Create Email Template page after having selected users and then chooses to not base the configuration on any template, the recipients specified previously are incorrectly included in the configuration.
Workaround: Exit the current template creation session, and start over.
Network configuration script for SUSE 10 (5696)
Both modifynetworksettings.sh and setnameserver.sh need to be revamped to support SUSE 10 installs. Both scripts fail when run on a SUSE 10 box.
Provisioning Systems Integration
Exporting revised role definition creates new provisioning policy for the same role (5003) - When a role definition is revised with a new user and is exported to ITIM, an unnecessary new provisioning policy is created for the user on the ITIM system. The existing policy should be updated instead. Option for creation of the policies for the roles during roles import into ITIM should only be selected once when the same roles files is used for import multiple times. Selecting the option multiple times will result in duplicate creations of the policy.
Admin exception thrown when role in ACM and ITIM is revoked (4993)- When a role that has been deleted in ITIM is revoked in an Aveksa user review, ACM throws a “role cannot be found” exception. This exception can be safely ignored.
A role is not committed in Novell Identity Manager (5417)- You must provide valid levels and container values that are available in Novell Identity Manager to confirm successful role creation.
Special characters not allowed by Novell Identity Manager Roles-Based Provisioning Module (5560) -
Roles developed in Aveksa Compliance Manager cannot be pushed to Novell Identity Manager if they include the following characters:
< > , ; \ " + # = / | & *
installNovellIM.sh sometimes fails with sqlplus (5603)- If you install Novell AGS, and then immediately afterwards try to run the installNovellIM.sh script file, it fails because it can't find the sqlplus command. Workaround: If you reboot first (or probably if you manually start sqlplus), then you can run installNovellIM.sh and it completes without error.

Unable to export all report fields (4386)- The report export feature does not save all fields to the .jrxml export file.
Unable to export large reports (4597)- Users cannot consistently export report results that include more than 200,000 records to the .jrxml export file.
Unable to import all report fields (4468)- Users cannot consistently import all report fields from a previously exported .jrxml file.
Report filled in background failure (4604) - Report with over 500,000 records fails to fill in background.

Exception generated for a user review when a local role has been deleted (4433)- Aveksa Compliance Manager generates an exception during a user entitlement review if the user who was once a member of a local role that was deleted. Also, the user reference does not appear in the review after the local role has been deleted.
Review items do not appear for rejected items (4907)- If review items are rejected by a reviewer and then reassigned to another reviewer, the review items do not appear in the view invoked by the View button.
“Change Activity” tab in reviews doesn't display any information (4909)- In a case where a change request created from reviews for a deleted local role gets rejected while there are pending approvals, the Change Activity tab of a review report does not show the role details.
“Change Activity” tab should display single change item when entire role is revoked (4933)- The Change Activity tab in a role review result displays multiple change requests for all the review items which were revoked as a part of role rejection.
Change request generation inordinately slow (5484)- When un-reviewed items are updated to the “Revoke” state and the review owner chooses to create change request for each user who has a had a review item revoked, the change request process generation process is inordinately slow.
Un-reviewed items not updated correctly (5527)- When un-reviewed items are updated from the Update Un-Reviewed Items button, the items are not updated if they are also unassigned items.
Incorrect “Supervisor” value in review definition import (5069)- The supervisor value does not resolve correctly on the target system when the review definition is imported from one system to another.
Review still appears in “My Tasks” for after it has been reassigned (5647)- When a review has been reassigned to another alternate manager, the review still appears in the original alternate manager’s “My Tasks.”

Role Management
Incorrect “Created On Date” for a role (3815)- When the state of role is changed, from committed to pending for example, the Created On Date field incorrectly displays the last modified date instead of the creation date.
Value entered for a role custom attribute disappears (5467)- All the custom attributes created for global roles must be chosen for display under “General” tab to avoid this issue.
Import of local entitlements fails (5464)- The import fails if the file only includes resource and action fields.
A role’s user constraint specification disappears (4895)- The user constraint specification and associated actions disappear from the role definition after changes are applied to the role. Workaround: Commit the role before you configure the user constraint specification for it.
Indirect view of entitlements and groups not displayed (5737)- The views of entitlements and groups (of users) indirectly granted to members of a global do not appear in all views.
“Suggest Users” in a role set does not return correct results (5829)- No users are displayed when the “Add users matching role constraint” option is selected.
Exceptions when using filtering functionality (5859)- Using the IN and LIKE filters for “Add Roles” and for “Group ” and “Global Role” for user constraint specifications throws an exception.
Role memberships removed from role (5865)- When a new member (user , sub-role , entitlement , application role , or group ) is added to a role created from in a role set and then committed, the existing member is removed from the role.
“Suggest Users/Entitlements” displays wrong count for elements matching constraint (5886)- The number (3 of 4 for example) of users or entitlements indicated by the “Suggest” option does not match the number of users or entitlements displayed when you invoke the list of suggested users or entitlements.
Links related to application roles under “Global Roles” do not display data (5744)- Users are not displayed for members having a particular application role, and application roles are not displayed for members missing application roles.
Group to user->ent explosion is happening for entitlements coming via a sub-role in a global role (5798)- Indirect activities for User groups to User ->Entitlement is displayed in a change request if a group of users is added to a role.
Total direct entitlement count in “Members->Users” table for a role is incorrect (5894)- The number of direct entitlements displayed under the “Total Direct Entitlement” column is not correct.
Disabled global roles available in selection windows (5891)- Disabled global roles are available in various selection windows throughout the product, but they should not be. Only enabled global roles should be available for selection criteria.
“ Suggest Roles to Combine” feature does not combine roles (5892)- When a user chooses the roles to combine, a new role is not created.

User Account Management
Import of user to accounts mapping fails (3977)- When the imported mapping file was created by some Windows supported text editors, the import failed. Workaround: Convert the file to a Unix or Linux format (use vi for example).

User Interface
Table sorting issue (4002)- Sorting does not work properly in table views when there are more items (with same value) that can be displayed in a single page.
Table columns are not sortable or filterable (5414)- The “Users” table does not allow you to successfully sort and filter columns.
Entitlement Details Pop-Up Slow to Appear (5712)- The entitlement details pop-up window takes an inordinate amount of time to appear if it includes a large volume of details about application roles and global roles. Workaround: Create the following parameters and provide a value of “True” in the Custom panel under Admin -> System -> Edit Settings:
DisableGlobalRoleInEnt = True
DisableAppRoleInEnt = True