Article Number
000036824
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1, 7.x
Issue
Duplicate identities exist after upgrading from RSA Identity Governance & Lifecycle 6.9.1 to RSA Identity Governance & Lifecycle 7.x. This occurs in the following scenario:
- The RSA Identity Governance & Lifecycle application is on one of the following versions:
- The application is then upgraded to 7.0.1 or above.
- After one or more identity collections are run, some of the users now have duplicate identities.
- These duplicate users were terminated when the application was at the earlier version, and re-hired after the application was upgraded.
To confirm that there are duplicate identities, connect to the database as AVUSER, and run the following SQL.
SELECT user_id FROM t_master_enterprise_users
GROUP BY user_id
HAVING COUNT(1) > 1;
For this issue, ORA-30926 errors are not being reported during a collection.
Cause
The cause of this issue has two parts:
- In RSA Identity Governance & Lifecycle versions 6.9.1 P19 or below, or version 7.0.0, deleted users from earlier releases were not tracked. This issue is reported in engineering ticket ACM-64423.
- An additional problem was detected, in that the Unification process was not aware of the old Unified user and created a new one, resulting in a duplicate user. This issue is reported in engineering ticket ACM-89647.
Resolution
Upgrade to RSA Identity Governance & Lifecycle 7.0.2 P11 or 7.1.0 P05 which includes the fixes from both engineering tickets.
The issue in engineering ticket ACM-64423 is resolved in the following RSA Identity Governance & Lifecycle patches. The fix was to add a new table to track deleted users from earlier releases.
- RSA Identity Governance & Lifecycle 6.9.1 P20 and above
- RSA Identity Governance & Lifecycle 7.0.1
- RSA Identity Governance & Lifecycle 7.0.2
The issue in engineering ticket ACM-89647 is resolved in the following RSA Identity Governance & Lifecycle patches. The fix was to improve the data migration process so that the data from the new table that tracks deleted users was included in the unification process.
- RSA Identity Governance & Lifecycle 7.0.2 P11
- RSA Identity Governance & Lifecycle 7.1.0 P05
To download the appropriate patch, please see RSA Knowledge Base Article
000033845 - How to download patch files for RSA Identity Governance & Lifecycle from RSA Link.
Workaround
To correct the duplicate identity data in versions earlier than 7.0.2 P11 or 7.1.0 P05, please contact
RSA Identity Governance & Lifecycle support and mention this RSA Knowledge Base Article (000036824) for reference.
Before opening a new case, please confirm that you have duplicate identities by running the query in the Issue section of this article. If the query returns any data, then you have duplicate identities.
The RSA support engineer can then confirm you have encountered this problem, and provide the SQL to manually correct the duplicate identity data.
Notes