Entitlement Views show zero items in RSA Identity Governance & Lifecycle after installing a 7.1.x patch
Originally Published: 2019-07-11
Article Number
Applies To
RSA Version/Condition: 7.1.0, 7.1.1
Issue
The following error can be seen in the aveksaServer.log:
07/11/2019 15:31:04.494 WARN (default task-4) [org.hibernate.engine.jdbc.spi.SqlExceptionHelper]
SQL Error: 904, SQLState: 42000
07/11/2019 15:31:04.496 ERROR (default task-4) [org.hibernate.engine.jdbc.spi.SqlExceptionHelper]
ORA-00904: "APP"."TECHNICAL_OWNER_NAME": invalid identifier
Please refer to article 000030327 - Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the log files for your specific deployment.
Cause
In the example below, note the user Attribute Name Technical Owner defined as an Application Role attribute:
Resolution
- RSA Identity Governance & Lifecycle 7.1.0 P09
- RSA Identity Governance & Lifecycle 7.1.1 P03
Workaround
A workaround is to rename all occurrences of the attribute names wherever they are defined (group, application role, role):
- Change Technical Owner to Technical Owner Name
- Change Business Owner to Business Owner Name
- Change Exception Manager to Exception Manager Name
In the RSA Identity Governance & Lifecycle user interface,
- Go to Admin > Attributes > [Edit the Attribute Name Technical Owner and modify to Technical Owner Name ] > Click OK.
- You will get a Java exception error that may be safely ignored. To bypass the error, cancel out of the attribute editor and the change will be saved.
- Now the entitlement view shows the expected list of entitlements (items):
NOTE: You will not be able to filter on Technical Owner Name in certain scenarios. For example, the following screenshot is from a User Access Rule Definition. The error is similar to the Java exception error mentioned above, but this change cannot be saved.
