000034462 - Users are not assigned to new RSA Identity Management and Governance and Lifecycle Business Unit after collection

Document created by RSA Customer Support Employee on Nov 29, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034462
Applies ToRSA Product Set: Identity Management and Governance
RSA Version/Condition: 7.0.0, 7.0.1
Product Name: RSA Identity Management and Governance and Lifecycle 
 
IssueAfter defining a new Business Unit in RSA Identity Management and Governance and Lifecycle the collection shows existing users are being collected with the correct attribute value assigned to the new Business Unit but the users are not showing up in the Business Unit.  New users assigned to the new Business Unit are being defined correctly.
When listing users for the new Business Unit, either no users are showing, or the list is missing old some users.
User-added image
CauseIn RSA Identity Management and Governance and Lifecycle version 7.0.0 or later Business Unit calculation only occurs when a new user is added, or some property of the existing user has changed. This is due to the new Delta Processing feature of 7.0.x that only does not do a full collection and only collects user that have changed since the last collection.  If a new Business Unit is defined, RSA Identity Management and Governance and Lifecycle does not update the Business Unit for any users who have already been collected and have a value for the attribute mapped for the new Business Unit.
ResolutionBusiness Units should be defined before the initial data collections are done.  
If a new Business Unit is defined, or the name of an existing Business Unit is changed a full refresh should be forced for the IDC that collects the associated Business Unit.
To force a Full Refresh on the Identity Collector (IDC) modify the T_DATA_COLLECTORS table and set the REQUIRES_FULL_REFRESH column for the collector to "O" (that is the letter "O" as in "Oscar").
WARNING:  RSA recommends that a full database backup be performed before making any changes to the database tables. 
For example to force a full collection for the Active Directory IDC run the following query.
UPDATE "AVUSER"."T_DATA_COLLECTORS" SET REQUIRES_FULL_REFRESH = 'O' WHERE NAME = 'Active Directory IDC' ;
Confirm the query correctly modified 1 row, and then commit the data to the database.
User-added image
Do a collection on the IDC with the Circuit Breaker disabled and with Unification. 
User-added image
After the collection has completed you can confirm that a full refresh has occurred by examining the associated database logs for the collection:
The logs should show "Full refresh. Deleting old runs from t_raw_user"
User-added image
 

Attachments

    Outcomes