The Active Directory Account Data Collector does not have an option to collect Logon Hours in RSA Identity Governance & Lifecycle 7.0.2 and 7.1.x
2 years ago
Originally Published: 2019-05-01
Article Number
000041066
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2, 7.1.0
 
Issue
The Active Directory Account Data Collector does not have an option to collect Logon Hours in RSA Identity Governance & Lifecycle.
 
User-added image

There have been unsuccessful attempts to work around this product limitation. For example,
  • Modify the LoginHours Attribute in Active Directory. Options to set hours exist for Logon Permitted and Logon Denied time frames. 
  • Add a LogonHours collected account attribute in the RSA Identity Governance & Lifecycle User Interface, under Admin > Attributes.
  • Run an Account Data Collection.

There are two problems with this workaround.
  • First, if Logon Denied is chosen and all hours are denied, the collection fails with the following error:
09/12/2018 07:40:45.815 INFO (Exec Task Consumer#0) [com.aveksa.server.xfw.TaskExecutor] Setting thread Thread[Exec Task Consumer#0,5,Execution Queue] on 583384 method=Execute 
09/12/2018 07:40:47.206 ERROR (Exec Task Consumer#0) [com.aveksa.server.xfw.SAXAccountDataHandler] Error in processing Account Data 
org.xml.sax.SAXParseException; lineNumber: 163501; columnNumber: 142; An invalid XML character (Unicode: 0x0) was found in the value of attribute "logonHours" and element is "attributes".
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
  • If any other setting is chosen, the collection succeeds, but the display is in octet format and therefore, unreadable.
User-added image
Cause
This is the current functionality of the product.
Resolution
Product enhancement request ACM-91024 has been submitted for this issue. Product enhancement requests are evaluated by Product Management to determine when/if they will be added in a future release.    
 
Please go to RSA Link RSA Ideas for RSA Identity Governance & Lifecycle to submit and/or vote on an enhancement request. For more information, please see How to log a request for enhancement (RFE) for RSA Identity Governance & Lifecycle.  
   

Related Articles

Trending Articles

Don't see what you're looking for?