The following issues were fixed in RSA Identity Governance and Lifecycle version 7.2.0.01.
Review bulk actions were not always persisted for items across all pages when comments were added or when the state of the review items was changed to NONE.
Review monitors with read and write privileges on a review were incorrectly able to edit and create escalations on reviews.
Alternate managers were able to self-review items even when the self-review option was not enabled on a review.
Mandatory review comments did not always cascade to child entitlements.
Revoking local entitlements were automatically completed by the system even when the ApplyImmediate tag was set to false. The system now correctly considers the ApplyImmediate tag when processing.
Some Role Names were unexpectedly changed to Role Raw Names without a change request.
ACM Security Model
The security scope pop-up did not display "Report Result: Run" or "Report Result: View Report" when there was no result generated for those reports. Now the report name is displayed in the pop-up even if a report result does not yet exist.
When a change request in an RACF connector used the $ symbol in a value, the $ symbol and everything following it was skipped during execution.
Change Requests and Workflows
The user interface previously allowed users to cancel change request items in a pending verification state only if the change request was in the open state and the workflows were in an active state.
The due date for an approval node was previously dependent on the start time of the job.
When an approval was rejected, the email incorrectly used the user ID instead of the ID for a dynamic role or group.
Clarification was needed that the "Max items per change request" setting does not affect change requests that add or remove entitlements from roles.
The change request milestone for completed manual activity incorrectly displayed a message that it was completed by the system.
Requests with all watches closed incorrectly remained open.
After importing an AFX connector, the import displayed the raw name of the connector instead of the display name.
When cloning a connector after changing its name, a connector with a duplicate name was created.
The REST connector login capability did not use input parameters when generating a session token.
Improved security of REST connector parameters.
Could not clear the mysql-connector-java-5.1.36-bin.jar from a MySQL connector after it was loaded.
The REST connector did not use the Accept header as expected to accept all content types.
While creating a REST connector, the application added an extra output parameter pattern after saving the connector.
The REST connector used returned set-cookie headers in subsequent calls, resulting in failed login attempts.
Custom aliases used for the "Application backup technical owner" and "Business unit backup technical owner" attributes were switched in the Application page user interface.
Data Collection Processing and Management
After deleting a collector, the entitlement count in the "Total Entitlements" column displayed the same number of entitlements as before the deletion.
The role data collector counted extra rejected role membership from all role collector runs.
Stack overflow errors from queries were not caught and handled as expected.
After upgrading the JDK, installing a patch failed with a "No such file or directory" error.
A change request was unable to process the removal of a local entitlement from a deleted user.
An Insufficient Privileges to View This Page error appeared when a user attempted to use the password reset functionality.
After running an unscheduled report, the related email incorrectly attached the last scheduled report.
In a request form, the user picker field did not show the selected user value.
After a user with non-administrator privileges clicked the Remove button to remove a role, the buttons did not refresh to say Removed as expected. This patch ensures that the buttons are correctly refreshed when the Remove button is clicked.
Role mining incorrectly considered deleted group membership.
Deleted or obsolete role versions were occasionally not properly removed from system tables.
Custom Attribute columns displayed an incorrect value during role analysis for suggested entitlements.
When exporting all roles, the entire export failed when an unexpected error occurred for any of the included roles.
The role management history table occasionally displayed two instances of the role to change request link instead of just one.
RSA Identity Governance and Lifecycle handled identical change requests differently when they were made for business roles or single entitlements.
The role entitlements screen for Direct Missing Members displayed incorrect users.
In segregation of duty (SoD) rule workflows, the decision node did not correctly transition to the true condition.
Unable to change the status of a rule when the rule action to send email contained deleted users.
User coverage in Segregation of Duties (SoD) rules did not filter users with a null attribute value.
After editing a joiner rule, the workflow reference was reset to the default out-of-the-box workflow.
When an entitlement explained by a role was in violation, the remediation action was performed on the entitlement instead of the role. With this patch, remediations on violations of entitlements explained by roles are performed on the role.
A change request contained a violation even after the violating entitlement was removed from the role.
UINC rules were unexpectedly triggered, reassigning access to terminated users. Terminated users are now excluded from being assigned access.
After importing a database from another system, the workflow monitoring tab displayed both the current node name and the original node name.
The Activities breadcrumb in My Activities did not work as expected.
Calling the createChangeRequest web service did not work as expected from workflows.
The updateReviewItems web service did not work correctly for a user with multiple accounts.