A change request to remove role access from a user tries to remove AD group (indirect access from role) which no longer exists in RSA Governance & Lifecycle
3 years ago
Article Number
000068260
Applies To

This is a known issue in the following versions.

  • RSA Governance & Lifecycle 7.2.x
  • RSA Governance & Lifecycle 7.5.x
Issue
  • The user had an AD account, added to 'role x' and 'group1' (indirect access from role) as per the below screenshot.

Access Tab1.PNG

  • Created a change request to remove the AD account, and it includes only one Account Change as per the below screenshot.

CR1.PNG

  • After completing the above change request, the user still having access to 'role x' only as per the below screenshot, Active Directory 'group1' was removed after removing the AD account.

Access Tab2.PNG

 

  • Created a change request to remove the role from the user access tab and found that the change request was generated with 2 User Changes, Including removing the group which already removed before from the user access tab after removing the AD account.
  • Error " Exception while processing the automated request for item 376, exception is: Could not find Pending Account for ChangeRequestItem[RemoveUserFromUserGroup]
    Indirect change item" existed in comments as per the below screenshot.
  • The below error existed in aveksaServer.log
01/16/2023 15:56:22.294 ERROR (Worker_actionq#Role#jdbc/avdb_16) [com.aveksa.afx.plugin.integration.AFXConnectorCommandMappingUtils] Could not find Pending Account for ChangeRequestItem[RemoveUserFromUserGroup]
com.aveksa.server.core.ObjectNotFoundException: Could not find Account for ChangeRequestItem[com.aveksa.server.core.cr.ChangeRequestItem@19f266a3[reqID=311,itemID=376,stateStr=PZ,fullOperationStr=RemoveUserFromUserGroup,operandID=35327,operandName=, usera,operandDcId=21,operandAppId=<null>,description=Indirect change item,valueTypeStr=UG,valueID=35227,value2ID=<null>,valueName=group1,valueAppId=21,value2AppId=<null>,valueDcId=22,value2DcId=<null>,watchId=350,watchToken=3001:WPDS-463:WPDS-2988:WPDS-0,affectedUserId=35327,additionalData=<map>
  <entry>
    <string>GrantType</string>
    <string>Indirect</string>
  </entry>
</map>]]
        at com.aveksa.server.core.account.AccountObjectStoreServiceProvider.getAccount(AccountObjectStoreServiceProvider.java:903) ~[server.jar:?]
        at com.aveksa.afx.plugin.integration.AFXConnectorCommandMappingUtils.populateParameterMap(AFXConnectorCommandMappingUtils.java:139) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager.getKnownVariables(FulfillmentManager.java:636) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager.doParameterReplacement(FulfillmentManager.java:391) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager.queueCommand(FulfillmentManager.java:553) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager.handleAutomaticItems(FulfillmentManager.java:304) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager.fulfillChanges(FulfillmentManager.java:93) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.AFXFulfillmentHandler.fulfillChanges(AFXFulfillmentHandler.java:37) ~[?:?]
        at com.aveksa.server.workflow.scripts.nodes.FulfillmentHandlerNode.fulfillChangesImpl(FulfillmentHandlerNode.java:254) ~[server.jar:?]
        at com.aveksa.server.workflow.scripts.nodes.FulfillmentHandlerNode.nodeAvailableAsynchronous(FulfillmentHandlerNode.java:117) ~[server.jar:?]
        at com.aveksa.server.workflow.scripts.nodes.WorkflowNodeHandler.nodeAvailableAsynchronous(WorkflowNodeHandler.java:52) ~[server.jar:?]
        at sun.reflect.GeneratedMethodAccessor663.invoke(Unknown Source) ~[?:?]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_292]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_292]
        at com.workpoint.server.script.StatementEngineJava.execute(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.server.script.ScriptEngine.A(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.server.script.ScriptEngine.execute(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.server.monitor.ActionMonitorHelper.A(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.server.monitor.ActionMonitorHelper.execute(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.services.impl.ScriptExecAsyncServiceImpl.executeScriptMonitor(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.client.Monitor.executeScriptMonitor(Unknown Source) ~[wpClient.jar:?]
        at com.workpoint.queue.work.ActionQWorker.A(Unknown Source) ~[wpQMonitorFull.jar:?]
        at com.workpoint.queue.work.ActionQWorker.run(Unknown Source) ~[wpQMonitorFull.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_292]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_292]
        at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_292]
01/16/2023 15:56:22.296 ERROR (Worker_actionq#Role#jdbc/avdb_16) [com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager] Exception while processing the automated request for item 376, exception is: Could not find Pending Account for ChangeRequestItem[RemoveUserFromUserGroup]
<br/>
Indirect change item
java.lang.RuntimeException: Could not find Pending Account for ChangeRequestItem[RemoveUserFromUserGroup]
        at com.aveksa.afx.plugin.integration.AFXConnectorCommandMappingUtils.populateParameterMap(AFXConnectorCommandMappingUtils.java:159) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager.getKnownVariables(FulfillmentManager.java:636) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager.doParameterReplacement(FulfillmentManager.java:391) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager.queueCommand(FulfillmentManager.java:553) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager.handleAutomaticItems(FulfillmentManager.java:304) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.FulfillmentManager.fulfillChanges(FulfillmentManager.java:93) ~[?:?]
        at com.aveksa.afx.plugin.integration.fulfillment.AFXFulfillmentHandler.fulfillChanges(AFXFulfillmentHandler.java:37) ~[?:?]
        at com.aveksa.server.workflow.scripts.nodes.FulfillmentHandlerNode.fulfillChangesImpl(FulfillmentHandlerNode.java:254) ~[server.jar:?]
        at com.aveksa.server.workflow.scripts.nodes.FulfillmentHandlerNode.nodeAvailableAsynchronous(FulfillmentHandlerNode.java:117) ~[server.jar:?]
        at com.aveksa.server.workflow.scripts.nodes.WorkflowNodeHandler.nodeAvailableAsynchronous(WorkflowNodeHandler.java:52) ~[server.jar:?]
        at sun.reflect.GeneratedMethodAccessor663.invoke(Unknown Source) ~[?:?]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_292]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_292]
        at com.workpoint.server.script.StatementEngineJava.execute(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.server.script.ScriptEngine.A(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.server.script.ScriptEngine.execute(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.server.monitor.ActionMonitorHelper.A(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.server.monitor.ActionMonitorHelper.execute(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.services.impl.ScriptExecAsyncServiceImpl.executeScriptMonitor(Unknown Source) ~[wpServer.jar:?]
        at com.workpoint.client.Monitor.executeScriptMonitor(Unknown Source) ~[wpClient.jar:?]
        at com.workpoint.queue.work.ActionQWorker.A(Unknown Source) ~[wpQMonitorFull.jar:?]
        at com.workpoint.queue.work.ActionQWorker.run(Unknown Source) ~[wpQMonitorFull.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_292]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_292]
        at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_292]
Caused by: com.aveksa.server.core.ObjectNotFoundException: Could not find Account for ChangeRequestItem[com.aveksa.server.core.cr.ChangeRequestItem@19f266a3[reqID=311,itemID=376,stateStr=PZ,fullOperationStr=RemoveUserFromUserGroup,operandID=35327,operandName=, usera,operandDcId=21,operandAppId=<null>,description=Indirect change item,valueTypeStr=UG,valueID=35227,value2ID=<null>,valueName=group1,valueAppId=21,value2AppId=<null>,valueDcId=22,value2DcId=<null>,watchId=350,watchToken=3001:WPDS-463:WPDS-2988:WPDS-0,affectedUserId=35327,additionalData=<map>
  <entry>
    <string>GrantType</string>
    <string>Indirect</string>
  </entry>
</map>]]
        at com.aveksa.server.core.account.AccountObjectStoreServiceProvider.getAccount(AccountObjectStoreServiceProvider.java:903) ~[server.jar:?]
        at com.aveksa.afx.plugin.integration.AFXConnectorCommandMappingUtils.populateParameterMap(AFXConnectorCommandMappingUtils.java:139) ~[?:?]
        ... 24 more

CR2.PNG
Cause
When creating a request to remove a USER who has deleted AD account from role , AFX throwing an error "ObjectNotFound exception"
Resolution
This issue is resolved in the following versions:
  • RSA Governance & Lifecycle 7.5.2 P08
  • RSA Governance & Lifecycle 8.0 P01

Related Articles

Trending Articles

Don't see what you're looking for?