000036824 - Duplicate identities after upgrading from RSA Identity Management & Governance 6.9.1 to RSA Identity Governance & Lifecycle 7.x

Document created by RSA Customer Support Employee on Nov 16, 2018Last modified by RSA Customer Support Employee on Jul 24, 2019
Version 3Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000036824
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1, 7.x
 
IssueDuplicate identities exist after upgrading from RSA Identity Governance & Lifecycle 6.9.1 to RSA Identity Governance & Lifecycle 7.x. This occurs in the following scenario:
  • The RSA Identity Governance & Lifecycle application is on one of the following versions:

  • 6.9.1 P19 or below
  • 7.0.0

  • The application is then upgraded to 7.0.1 or above.  
  • After one or more identity collections are run, some of the users now have duplicate identities.
  • These duplicate users were terminated when the application was at the earlier version, and re-hired after the application was upgraded.

To confirm that there are duplicate identities, connect to the database as AVUSER, and run the following SQL.

SELECT user_id FROM t_master_enterprise_users 
GROUP BY user_id 
HAVING COUNT(1) > 1;

For this issue, ORA-30926 errors are not being reported during a collection.


 
CauseThe cause of this issue has two parts: 
  1. In RSA Identity Governance & Lifecycle versions 6.9.1 P19 or below, or version 7.0.0, deleted users from earlier releases were not tracked. This issue is reported in engineering ticket ACM-64423.
  2.  An additional problem was detected, in that the Unification process was not aware of the old Unified user and created a new one, resulting in a duplicate user. This issue is reported in engineering ticket ACM-89647.
ResolutionUpgrade to RSA Identity Governance & Lifecycle 7.0.2 P11 or 7.1.0 P05 which includes the fixes from both engineering tickets.
 
The issue in engineering ticket ACM-64423 is resolved in the following RSA Identity Governance & Lifecycle patches. The fix was to add a new table to track deleted users from earlier releases.


  • RSA Identity Governance & Lifecycle 6.9.1 P20 and above
  • RSA Identity Governance & Lifecycle 7.0.1
  • RSA Identity Governance & Lifecycle 7.0.2
 

The issue in engineering ticket ACM-89647 is resolved in the following RSA Identity Governance & Lifecycle patches. The fix was to improve the data migration process so that the data from the new table that tracks deleted users was included in the unification process.


  • RSA Identity Governance & Lifecycle 7.0.2 P11
  • RSA Identity Governance & Lifecycle 7.1.0 P05

To download the appropriate patch, please see RSA Knowledge Base Article 000033845 - How to download patch files for RSA Identity Governance & Lifecycle from RSA Link.
 
WorkaroundTo correct the duplicate identity data in versions earlier than 7.0.2 P11 or 7.1.0 P05, please contact RSA Identity Governance & Lifecycle support and mention this RSA Knowledge Base Article (000036824) for reference.

Before opening a new case, please confirm that you have duplicate identities by running the query in the Issue section of this article. If the query returns any data, then you have duplicate identities. 

The RSA support engineer can then confirm you have encountered this problem, and provide the SQL to manually correct the duplicate identity data.
NotesPlease see related article 000037761 - Duplicate users in RSA Identity Governance & Lifecycle.

Attachments

    Outcomes