000033669 - RSA Archer 5.x LDAP Synch completes, but Failure Detail has strange exception at the end

Document created by RSA Customer Support Employee on Aug 5, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033669
Applies ToRSA Product Set: Archer
RSA Version/Condition: 5.x
IssueAfter LDAP Synch completes, the Failure Detail log file has strange error at the end.
ArcherTech.Common.Exceptions.ValidationMessageException: ArcherTech.Common.Validation.ValidationMessage
7/14/2016 12:40:35 PM ArcherTech.Common.Exceptions.ValidationMessageException: ArcherTech.Common.Validation.ValidationMessage
CauseThe LDAP Synch is unable to delete an LDAP Group because the LDAP Group is assigned to a Record Permissions or Users/Groups List field in a Content Record.  
ResolutionSteps are from KB 33667: When deleting a Group in RSA Archer, a warning occurs: The group contains a dependency to content.
  1. Run the following SQL command against the Instance database to find the Content Records.
  2. Update the WHERE clause in the SQL command below with the Group Names linked to Content Records.
    SELECT mt.module_name AS ModuleName, c.content_id AS ContentId, ft.field_name AS FieldName, g.group_name AS GroupName 
    FROM tblIVGroupContent gc WITH(NOLOCK)
    JOIN tblGroup g WITH(NOLOCK) ON gc.group_id=g.group_id
    JOIN tblIVFieldDef fd WITH(NOLOCK) ON gc.field_id=fd.field_id
    JOIN tblIVContent c WITH(NOLOCK) ON gc.content_id=c.content_id
    JOIN tblModule m WITH(NOLOCK) ON c.module_id=m.module_id
    JOIN tblModuleTranslation MT WITH(NOLOCK) ON MT.module_id = m.module_id
    JOIN tblFieldTranslation ft WITH(NOLOCK) ON fd.field_id = ft.field_id
    WHERE g.group_name IN ('Group A', 'Group B', 'Group C')
    ORDER BY ModuleName, ContentId

  3. The SQL command will return the Module Name, Content Id, Field Name, and Group Name for a list of Content Records.
User-added image

  1. For each Content Record, remove the Group from the field.
  2. Once the Group in no longer linked to Content Records, the Group can be deleted. 
  3. If the field is a Record Permissions field using the Inherited Permissions Model, check the Record Permissions field(s) it inherits from to find the proper field to remove the Group from.
NotesA defect was logged as ARCHER-25012: LDAP Synch exception in Failure Detail: ArcherTech.Common.Exceptions.ValidationMessageException: ArcherTech.Common.Validation.ValidationMessage
Enhancement request logged as ARCHER-22075: Add ability to identify Content Records where a Group has been assigned.
Contact Archer Support to open a case and add your company to the enhancement request.