000035557 - Multiple entitlements in RSA Identity Governance and Lifecycle cause supervisor approval to fail with ORA-22275: invalid LOB locator specified

Document created by RSA Customer Support Employee on Sep 23, 2017Last modified by RSA Customer Support Employee on Jul 25, 2019
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035557
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.x
 
IssueAfter requesting multiple entitlements in RSA Identity Governance & Lifecycle, the request fails during supervisor approval. The error occurs when updating CLOB field VAR_CVALUE in the WP_USER_DATA table if the data is greater than 2000 characters in length. Conceivably, this error may also arise in other parts of the product.
  • The error message in the processing workflow is An SQL Exception has occurred. Please see the server logs for details.

  • The error message in the WorkPoint.log is:

2017-08-23 11:55:10,649 [Worker_alertq#Alert Queue#WPDS_1] ERROR com.workpoint.services.impl.GenericServiceImpl - ORA-22275: invalid LOB locator specified SQL = Execute Batch: UPDATE WP_USER_DATA SET VAR_CVALUE=?, VAR_BVALUE=?, BVALUE_LENGTH=?, PROC_ID=?, PROC_DB=?, PROCI_ID=?, PROCI_DB=?, ROW_VERSION=?, LU_ID=?, LU_DATE=? WHERE DATA_ID=? AND DATA_DB=? AND DATA_TYPE=? AND VAR_NAME=?


  • The error is NOT seen in the aveksaServer.log.

Please refer to RSA Knowledge Base Article ID 000030327 - Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the log files for your specific deployment. 
CauseThis is an Oracle bug that was introduced in 11.2.0.4 (RSA Identity Governance & Lifecycle uses 11.2.0.3 of Oracle in 6.9.x) and is fixed in 12.2.0.2 of Oracle (which is not a supported platform for RSA Identity Governance & Lifecycle.)

The issue can affect all 7.x versions, as that is when RSA Identity Governance & Lifecycle switched to using a 12.2.0.1 Oracle database.

 
ResolutionRSA-supplied database users such as Appliance users should install and run the latest available RSA Identity Governance & Lifecycle Appliance Updater which contains cumulative Oracle patches.

Customer-supplied database users should install the latest PSU (Oracle Patch Set Update).

Attachments

    Outcomes