|Applies To||RSA Product Set: Identity Management and Governance|
RSA Version/Condition: 7.0.0, 7.0.1
Product Name: RSA Identity Management and Governance and Lifecycle
|Issue||After defining a new Business Unit in RSA Identity Management and Governance and Lifecycle the collection shows existing users are being collected with the correct attribute value assigned to the new Business Unit but the users are not showing up in the Business Unit. New users assigned to the new Business Unit are being defined correctly.|
When listing users for the new Business Unit, either no users are showing, or the list is missing old some users.
|Cause||In RSA Identity Management and Governance and Lifecycle version 7.0.0 or later Business Unit calculation only occurs when a new user is added, or some property of the existing user has changed. This is due to the new Delta Processing feature of 7.0.x that only does not do a full collection and only collects user that have changed since the last collection. If a new Business Unit is defined, RSA Identity Management and Governance and Lifecycle does not update the Business Unit for any users who have already been collected and have a value for the attribute mapped for the new Business Unit.|
|Resolution||Business Units should be defined before the initial data collections are done. |
If a new Business Unit is defined, or the name of an existing Business Unit is changed a full refresh should be forced for the IDC that collects the associated Business Unit.
To force a Full Refresh on the Identity Collector (IDC) modify the T_DATA_COLLECTORS table and set the REQUIRES_FULL_REFRESH column for the collector to "O" (that is the letter "O" as in "Oscar").
WARNING: RSA recommends that a full database backup be performed before making any changes to the database tables.
For example to force a full collection for the Active Directory IDC run the following query.
UPDATE "AVUSER"."T_DATA_COLLECTORS" SET REQUIRES_FULL_REFRESH = 'O' WHERE NAME = 'Active Directory IDC' ;
Confirm the query correctly modified 1 row, and then commit the data to the database.
Do a collection on the IDC with the Circuit Breaker disabled and with Unification.
After the collection has completed you can confirm that a full refresh has occurred by examining the associated database logs for the collection:
The logs should show "Full refresh. Deleting old runs from t_raw_user"