The following issues were fixed in RSA Identity Governance and Lifecycle version 7.1.1 Patch 4.
Coverage files were erroneously not applied to review items associated with deleted objects.
Inefficient SQL statements were called with every move through the tabs of the Role screen.
The EmailByMonitor message type did not consider the configured columns in the review. Instead, it had only considered the hard-coded columns.
When performing review analysis, the ORA-30926 error could be generated when calculating unchanged review items because of the incorrect join that compared old review items to items in the current review.
Refreshing any review data other than business descriptions resulted in coverage information automatically refreshing, even when the option to refresh coverage was not selected.
Account reviews that filtered accounts and groups could experience poor performance during review generation.
Duplicate accounts were created when a pending account was created with the same name but different capitalization as another account in a case-insensitive ADC. The next time the accounts were collected for the case-insensitive ADC, the pending account’s name is updated to match the capitalization, which caused duplicate accounts in the system. The system will now take an ADC's case-sensitivity into consideration and result in an error when necessary.
Account creation change requests could fail when the account parameter was mapped with attributes of more than one type, because the code failed to group them based on the type.
On a request form, when a form field was mapped to a provisioning parameter that contained encrypted values, the form did not properly substitute the correct value when generating the request.
When multiple SSO User Headers authentication sources were configured, an authentication source was randomly picked without verifying the authentication source name during authentication.
Change Requests and Workflows
In a workflow that is configured to group by business source, password resets skipped the workflow and the change request workflow completed with the item still in Pending Action status.
An access request generated thousands of unrelated activities when a call to filter change request items for a subprocess returned an empty list. Now, if this occurs, an exception occurs and an error message is displayed for user interface operations. For operations that are not performed through the UI, the processing will go to the Error state.
A pending change item with the type Container was erroneously displayed in the User Changes table.
A user could submit a change request with a pending submission from the Additional Information submission screen. This fix disables the Finish and Next buttons in this use case.
Admin > Workflow > Monitoring did not update the Pending Verification (Count) icon when the number of pending verification items changed.
The Workflow Architect failed to load when using SSO because the double slash // in the URL caused issues with some web agents.
Could not open workflows because the URL contained a double slash //.
Variables were not populated in emails for account review change requests when revoking an account from a group.
In the out-of-the-box Reassign to Supervisor node, the Comments field was missing from the Resource sections.
An account collector had performance issues when searching for a cycle of groups in an environment with multiple ADCs when one ADC collected the majority of groups but the SQL explain plan was not appropriate for that collector.
SF-1348150 SF-1319278 SF-1305102
ACM-94653 ACM-95318 ACM-97281
Updated the driver that does SQL processing of the CSV files involved in collections. This address bug fixes in the driver on earlier versions.
After modifying a collector, the Last Modified value was not updated.
The Archer account data collector switched the values for email and phone numbers in collected data.
When editing an object on which a managed custom date attribute was previously set, the attribute field was blank.
The field length of custom attributes did not match the field length in the base tables.
Data Collection Processing and Management
Inactivating an IDC that creates users and moves a subset of users to another collector creating users could cause duplicates in the next Unification run.
When a user record was terminated during an IDC full refresh, a duplicate identity record could be created during a user rehire scenario.
When database purging exceeded the threshold of four hours, the process did not exit and complete as expected.
During archive creation, the archive start date was calculated incorrectly resulting in the following error: "The archive Start and End dates can not be overlapping with the existing archives."
After deleting archive runs from the monitoring page, the runs were deleted from the system and an error was displayed when trying to view the archive table.
Performance problems could occur while accessing the raw data for a collection when there was a large amount of rejected data in the tab being accessed.
During virtual application installation, the following error could occur in environments with a customer-supplied database: “[Step 1 of 9] Error configuring certificates ('./configureSSLCertificates.sh')”.
All items on the metadata export screen were erroneously selected when browsing between pages.
Upgrading to a patch failed due to increased security restrictions on the "DUAL" table when it was used by Views. RSA Identity Governance and Lifecycle has now deprecated the use of this table in views.
Migration from 6.9.1 failed due to locked statistics on some tables.
A Java exception was displayed on the Expiring Passwords tab when displayed a user account’s expiring password details.
ASR report generation failed when the Environment Name was 100 characters of longer.
Reports did not display line breaks in the Long Description attribute of entitlements.
After specifying an equals filter for an application name, its alternate name was saved in the report XML while the underlying view contained the raw name. Because of this mismatch, the report did not generate results or load the filter properly when the report was reopened. This also occurred with other objects that had alternate names. The system now saves the raw name as expected to prevent this issue.
ASR report generation failed with an ORA-06502 error when an environment name exceeded a length of 100 characters.
Request forms that used additional filters were not isolated from the main query, which caused the user counts to be incorrect.
Unable to create an out-of-office request when additional fields under Requests > Configuration > Submission were present but not enabled for display.
When a JSP file was referenced in the Validation URI for a request form, an exception occurred.
After performing an upgrade, an error occurred loading the fields in a request form that had previously worked.
Change items were missing from a change request after roles with varying levels of indirect group entitlements where removed from users.
Role export failed with error ORA-12899 when role names exceeded 128 characters.
When entitlements of different types had the same ID, suggested entitlements could include empty or invalid entitlements. The query has now been fixed to join on entitlement type as well as ID.
Testing a rule took significantly longer to display the results than the time the actual rule run took to generate violations.
Improved security of X-Content-Type-Options headers in responses from RSA Identity Governance and Lifecycle.
Improved security surrounding the session token for requests to Identity Governance and Lifecycle.
SF-1272396 SF-1427765 SF-1453638
The Wildfly application server log was not updating as expected after upgrading.
Data archiving failed with the ORA-06512 error.
When viewing User > Requests or collection run details from the Collector History tab of a specific collector, the displayed breadcrumbs were incorrect.
When adding entitlements to a role, if the “one of” filter was used, the ORA-00904: “ENTITLEMENT_NAME”: invalid identifier error occurred.
After upgrading, the Business Source column was missing from the accounts table under the ADC collector. This column has now been added back to the accounts table.
Loading the Review Definitions table took an excessive amount of time due to unnecessary fetching of reviewer/monitor coverage data that is not required to render the table.
Pop-up windows appeared outside of the viewable area of a user’s screen when the screen had scrollable content.