The following issues were fixed in RSA Identity Governance and Lifecycle version 7.1.1 Patch 9.
The count on the view status bar is now displayed correctly based on whether the user is an admin or monitor.
When a change request was created and the system restarted, if no workflow had been created and linked to the change request, the system created a request workflow based on the configuration. Previously in RSA Identity Governance and Lifecycle 7.1.1, the configuration was based on the workflow on the configuration screen. However, when using a request form with a request workflow assigned, the system did not use that assigned workflow. In 7.2.0, RSA Identity Governance and Lifecycle enabled the configuration of which request workflows to use at the role set level, and this fix takes that configuration into consideration.
Change requests displayed the wrong user name associated with a canceled change request message. Change requests now correctly display the user that initiated the canceled workflow job.
Pending submission change requests were not properly cleaned up.
Account names with spaces or special characters are not allowed, but migration from earlier versions did not convert the unsupported characters to underscores as expected.
A user had duplicate local entitlements when activity was assigned in Manual Activities.
ACM Security Model
Supervisors were unable to see the details of requests created by their subordinates or others.
After AFX restarted, the settings for a connector configured with a password vault configuration did not substitute the credentials correctly.
Changing the response timeout for a RESTful web service connector had no effect on non-GET requests.
Attribute synchronization request did not generate a workflow for managed attributes, because the system closed the connection before the request was processed.
The strings "Contains Privileged Access" and "Business Criticality" were not localized.
Change Requests and Workflows
When using the Cancel/Undoing workflow settings on the request-level workflow, when using an escalation workflow, a request could get stuck in the Canceling state.
Rejection of an escalation workflow could result in the Reject Items node becoming stuck.
An entire change request was rejected when it contained a change item related to a deleted role. This has been fixed to reject only items containing the deleted role reference.
The Last Successful Collection Date was incorrectly updated after a collection was aborted, for example by the circuit breaker. This value is now updated only after a successful run.
Running an SQL query with multiple CSV files in the group data query in Account Data Collector with the HXTT CSV Driver was getting incorrect results.
When an Active Directory account was created with a slash (/) in the account name, change requests failed with a naming exception. Processing has been fixed to handle the slash character (/) in account creation.
During connector deployment, the substitution of connector settings of password value was not properly substituted to capability command code.
When using the Salesforce REST connector, the updateAccount command with additional parameters failed to update the new parameters on the endpoint.
The duplicate display names of custom attributes across objects has been fixed by prefixing them with the object name in the user entitlement search expression builder. This allows the user to pick the correct custom attribute when duplicate attributes exist.
Custom field pointing to an object was not usable in entitlement rules and content filters for user access reviews.
Data Collection Processing and Management
Scheduled unification ran even when the mandatory collector failed.
Deleting a collector did not clean up the t_av_job_stats data, causing data inconsistencies in the database.
The Active Directory ADC rejected group memberships for accounts with distinguishedName values larger than 256 characters.
Optimized the database index in the rule table to improve rule pre-processing.
Corrected the spelling of the state name "Invalid" in the State column of the public view PV_AV_AFX_REQUEST.
Improvements made to business description processing.
ArchivePurge_Pkg failed on t_av_rules.
Archive purging runs erroneously converted hours to days, causing the data purge to end prematurely.
The public view PV_REVIEW_DEFINITION has been updated to exclude duplicate and deleted review definitions.
Caching of column values caused incorrect content written into email. Caching has been removed.
Aveksa Statistics Report (ASR) generation was stalling in the Generating state.
SF-1578947 SF-1587329 SF-1583489
Indirect entitlements held by a user were incorrectly available for selection in request forms when the control type was set to Entitlement Table.
Change requests generated from the Role Review role did not consider Accounts, causing entitlements to be missed.
Incorrect calculations occurred for local role dependencies related to multi-level roles and/or disabled roles.
When a role import failed, exception details were not displayed.
The role set drop-down is now sorted by name instead of raw name.
Pending change requests were updated if the associated role for the change request was moved from one role set to a different role set before the change request was completed.
A user was not removed from all nested roles when the user was removed from a parent role in the Members tab.
Role preview changes showed the wrong items when a role set was modified in a role.
Optimized queries related to violation tables to improve rendering.
SOD rules failed due to a data type conflict.
Rules pre-processing was triggered twice when a collector was triggered with an identity collector and unification. However, two rule pre-processing events cannot exist in the queue in a New or Running state at any point of time.
In workflow emails, hyperlinks that contain a dynamic workflow variable were removed.
Updated the Apache Tomcat library to address a vulnerability.
A "request could not be handled" error occurred when editing some groups.
The date format under Admin > Workflow > Monitoring > Queues now displays the same date format as is configured under the User option.
In the latest version of Firefox, frames in the user interface was sometimes reduced to a smaller area with scroll bars.