The following issues were fixed in RSA Identity Governance and Lifecycle version 7.1.1 Patch 1.
Issue | Description |
---|---|
SF-1176983 ACM-88167 | The Radio button text "Review items are signed off" on the configuration page of a User access review definition appeared when the sign-off option was not actually available. |
SF-1262429 ACM-92238 | The Member, Entitlements, and Analytics tabs of a role could not be clicked in a role review with "submit" as the mandatory signoff comment. |
SF-1090220 ACM-83577 | The “Explicit by Owner” option in the Account Access and Ownership review, when sub-components were automatically revoked through a revoked parent component, caused incorrect confirmation messages after canceling review changes. |
SF-845541 ACM-67727 | The "Apply to account entitlements" option for bulk actions did not work on associated app roles and entitlements in an account review due to a column filter in a custom review display view. |
SF-1300767 ACM-94654 | The Account Name column was missing from the available columns to display in a review display view. |
SF-1170335 ACM-87413 | Could not send emails using the Send Email button in the All Groups tab of group reviews. |
SF-1150335 ACM-93895 | Reviewers attempting to save or sign off changes while their earlier changes were still processing saw the following error message: “The request could not be handled.” |
SF-1307372 ACM-87205 | Localization in the new reviewer user interface required multiple improvements. |
SF-1332517 ACM-96153 | After the scheduled run time for a review was changed, the task was duplicated in the memory and the review was run multiple times. |
SF-1273418 ACM-93625 | In the legacy user access review definition, previously selected options for the Replace state were reset when editing the review definition without opening the States tab. |
ACM-92635 | During delegation from the "By Reviewer" tab of reviews, a "Delegated From" user was incorrectly identified as the last reviewer when expanding the tab instead of the actual reviewer from whom items were delegated. |
SF-1159200 ACM-86631 | When a review item that had been maintained with expiration was revoked, the reviewer was incorrectly set to AveksaAdmin. |
SF-1159011 ACM-86618 | The status for a review was not updated properly upon review completion. |
SF-726389, ACM-61543 | In review definitions, the "include sub-groups" option was available for selection when no specific groups were selected. |
SF-1322438 ACM-95464 | Review escalations scheduled to run before or after the review due date were not triggered when either the escalation was scheduled after the review due date had passed or when the application was down during the due date. |
SF-1215725 ACM-90109 | Review generation took more than sixty hours when the review did not use the option “Include group memberships that are entitlements of their assigned global roles.” |
SF-1329501 ACM-95763 | Violation Remediation review generation failed with the ORA-12899 error. |
SF-1261298 ACM-94057 | When a role containing app-roles was deleted in a role review, change items to remove the app-roles were not generated. |
SF-1274991 ACM-92885 | The user interface took a long time to load certain tabs in reviews that had large data sets. |
SF-1172039 ACM-87438 | Some reviewer escalation workflows were not triggered and the review history did not update if the review became active by an escalation workflow. |
Issue | Description |
---|---|
SF-781743 ACM-61578 | Change requests with fulfillment dates set later than 2040 were erroneously fulfilled immediately. |
SF-1290694 ACM-94018 | The ${avform.requestor.Id} variable did not resolve as expected for users.Supervisor and grayed out the associated button due to the resulting sql error. |
SF-1260207 ACM-92751 | The default out-of-office functionality failed to process Global Common Submission Questions when configured. |
SF-843249 ACM-67217 | When a user viewed a request form with table grouping enabled, the list of entitlements took much longer than expected to expand if the checkbox next to the entitlement type was selected. |
SF-1170215, ACM-87978 | When multiple users were selected, submission variables appeared in only the first change request. |
SF-1299740 ACM-94324 | Change requests to remove a user from a group that were generated by a Group review did not complete if the fulfillment workflow was configured to “Create a Job per group.” |
SF-1264368 ACM-93112 | Optimized statements for Change Requests involved with determining missing or extra indirect entitlements. |
SF-964505 ACM-74785 | When a user is granted the same entitlement through both a role and an account and the account is deleted from the user, an error occurs when the role is later deleted from the user. |
SF-1290843 ACM-94916 | When canceling a change request there was a significant delay. |
SF-1286545 ACM-93599 | A "Remove account to group" change request from a webservice did not set the affected users in the request information. |
Issue | Description |
---|---|
SF-1191999 ACM-89978 | The AFX output parameter did not update the pending account, even though AFX received the value from the endpoint. |
Issue | Description |
---|---|
SF-1205426 ACM-90188 | Email failures did not appear in the notification tray to alert the admin. |
Issue | Description |
---|---|
SF-1191999 ACM-93039 | Output parameters were not resolved when DN suffix mapping was used for account creation. |
SF-1297770 ACM-94271 | When the database suddenly went down or was unable to connect to AFX, AFX stopped running until the AFX service was restarted. |
Issue | Description |
---|---|
SF-1073265 ACM-82980 | Custom Value List display names were not allowed in an advanced search with Integer Type attribute filtering. |
Issue | Description |
---|---|
SF-1195900 ACM-91400 | Active Directory users were unable to authenticate from the host controller in a WildFly cluster environment. |
Issue | Description | |
---|---|---|
SF-1230171 ACM-90666 | On restart, a Change Request with only form fulfillment created a workflow that skipped all its form fulfillment nodes. | |
SF-1277646 ACM-93113 | Parallel Phase Nodes duplicated workflow and fulfillment jobs because of concurrency errors. | |
SF-1284183 ACM-93525 | A fix applied in an earlier patch for change requests stuck in the fulfillment phase stopped working after an upgrade. | |
SF-1292210 ACM-94109 | Role approvals grouped by a custom category mixed up the acm.JobGroup values assigned in the workflow to define the group. | |
SF-1307962 ACM-95063 | A new workflow form for an activity or approval did not associate to its respective node when saved and did not replace the previous form as a result. | |
SF-1279390 ACM-93461 | Corrupted mapping for provisioning command parameters occurred after an upgrade. | |
SF-1314848 ACM-95214 | The conditional transition selection failed to save the first time when setting the condition through the drop-down selection button. | |
ACM-94082 | Could not delete an escalation that referenced an escalation workflow that did not exist from the approval node. | |
SF-1274945 ACM-92854 | When a change request was created with an entitlement that had a business description, the short and long business descriptions appeared empty under user Changes in the change request approval screen. | |
SF-1155926 ACM-87274 | Additional Javadoc was needed about the use of Java nodes in workflows. | |
SF-1255736, ACM-91858 | After importing a workflow from a higher patch version into a lower patch version, migration failed with the ORA-0001 error. | |
SF-1314265 ACM-95190 | The Activities page loaded slowly when using a monitoring policy with a large number of activities and when filtering activities with the “By Entitlement” tab. |
Issue | Description |
---|---|
SF-1298037 ACM-94661 | The ServiceNow collector failed after certain plug-ins were activated. |
SF-1269198 ACM-92669 | After viewing a collector schedule without making changes, the system updated the Date Modified field of the Collector History with the time the schedule was viewed. |
SF-1305102 ACM-94653 | CSV database processing could not handle column header values nested in double quotation marks. |
Issue | Description |
---|---|
SF-1187149 ACM-88462 | Custom user attributes were not populated in the table options of the accounts tab. |
Issue | Description |
---|---|
SF-938836, ACM-74513 | Secondary pages of a report displayed within a dashboard were not displayed properly. |
SF-1156786 ACM-88676 | An object dashboard was not displayed in the order expected based on the specified Display Sequence value. |
Issue | Description | |
---|---|---|
SF-1300333 ACM-94263 | Running two MAEDCs failed with error ORA-30926 if they overlapped in applications and IDs. | |
SF-1187676 ACM-89996 | Users could not login during the first step, Account Data Collection, of a running ADC. | |
SF-1249962 ACM-91612 | Change Verification performance slowed on large datasets after an upgrade. | |
SF-1312022 ACM-93036 | The App Metadata collector failed with the “character string buffer too small” error. | |
SF-1312017 ACM-94871 | The App Metadata collector trimmed values longer than 38 characters for owner and CAU fields. | |
SF-1217455 ACM-89969 | Indirect relationship processing ran for more than 5 days after changes to the MAEC. | |
SF-1216820 ACM-92280 | The provided fix to truncate the T_AV_BUSINESS_DESCRIPTIONS table did not successfully shorten the long collection time. | |
SF-1314874 ACM-95225 | Objects in relationships that were deleted and revived in prior collections caused changed relationships to be rejected during collection. |
Issue | Description |
---|---|
SF-1302256 ACM-94318 | Data purging failed with the ORA-02292 error "integrity constraint (AVUSER.FK_T_PCS_EXN_HY_PC_ID_T_PCS_ID) violated - child record found". |
Issue | Description |
---|---|
SF-1246819 ACM-93524 | A database import process generated unneeded statistics for certain tables. |
SF-1297442 ACM-94181 | The "Provisioning screens for 50 users" performance test showed an unoptimized sql query. |
SF-1312843 ACM-94891 | Rule pre-processing performance significantly slowed after adding segregation-of-duty rules for a large environment. |
SF-1280916 ACM-94602 | When running the data archiving function, the data archiving process completed as expected but the purging process fails due ORA errors. |
SF-1316146 ACM-95109 | Additional columns that were added to the Groups table were not exposed in all views. |
Issue | Description |
---|---|
SF-1191611 ACM-88807 | Some Approval Email replies did not show the correct reference numbers for a request and showed <AV-MsgRef-REF> instead. |
SF-824105 ACM-65511 | The Review Completed event sent emails only to reviewers with open items. |
SF-803604 ACM-64365 | The View Review hyperlink to a deleted review result in a New Review email incorrectly showed the error "The Request could not be handled." |
SF-1300504 ACM-94697 | Case-sensitive email approvals resulted in "Wrong user replied" responses when taking an approve or reject action through email. |
SF-1155182 ACM-88160 | Lotus Notes could not correctly display Nordic characters in emails sent by RSA Identity Governance and Lifecycle. |
Issue | Description |
---|---|
SF-922041 ACM-78015 | Patch installation took an unusually long time to complete. |
Issue | Description |
---|---|
SF-1257224 ACM-92539 | Performance slowed for importing or modifying an application with a large amount of users. |
SF-1230774 ACM-92269 | An application that was imported from an exported metadata file was missing information about mapping the application to a connector. |
Issue | Description |
---|---|
SF-1177525 ACM-87860 | In a clustered environment, the PasswordResetNag and PasswordChangeNag tasks could be duplicated and cause a startup error. |
Issue | Description |
---|---|
SF-642369 ACM-52522 | Changes to the root logger level in a clustered environment failed to apply to all associated nodes. |
SF-1019541 ACM-78253 | After running the HardenHTTPSProtocols.sh script in the /home/oracle/deploy directory, the following error occurred: “WARN: can’t find jboss-cli.xml. Using default configuration values.” |
Issue | Description |
---|---|
SF-1284789 ACM-93688 | CSV Column headers were duplicated when exported as an attachment in an email from a scheduled report generation. |
SF-1158510 ACM-93535 | Two OOTB report templates, Changes in User Global Roles by Date Range and Changes in User Global Roles in the Last n Days, worked only for collected role changes and not local role changes. |
SF-1261751 ACM-93822 | The report query processed the < character as HTML mark-up code and truncated text that followed it. |
SF-1163099 ACM-86916 | When using the replace function during a preview or submission, special characters were removed from queries. |
SF-1190029 ACM-88495 | Query parameter detection did not work properly with an unmatched single quotation mark in the comment. |
ACM-89680 | When a user tried to view a report that was no longer available, the following incorrect error message was displayed: “Access Denied. Insufficient privileges to view this page.” |
SF-1158510 ACM-88913 | The OOTB report using the template "Changes in User Global Roles by Date Range" could become stuck due to excessive query executions. |
SF-1219878 ACM-90513 | A new public view was needed for a customer’s reporting purposes. |
SF-1219878 ACM-90512 | The tables T_AV_AFX_REQUEST & T_AV_AFX_REQUEST_HISTORY did not contain public views. |
Issue | Description |
---|---|
SF-1300030 ACM-94292 | The User picker control type reports an SQL exception error when the user filter is enabled and no variable substitution is defined in the filter. |
SF-1310845 ACM-94989 | Variable substitution in the control type "Drop Down with Web Service" did not encode for javascript. |
SF-1201270 ACM-88959 | After a button was configured to include forms of multiple form types, only global forms were displayed when the button was pressed. |
SF-1224614 ACM-91417 | The error message “An error occurred loading the fields for the form” occurred when running a form if the “Hide table if empty” option was enabled for an entitlement table that contained a dynamic value. |
Issue | Description |
---|---|
SF-1158276 ACM-86615 | An indirect entitlement provided through a role could erroneously be removed while comparing users. |
SF-1208476 ACM-91790 | Under rare circumstances, a rare condition can result in Aveksa Entitlements getting out of sync when the privileges are granted or revoked through a Role or a Group. |
Issue | Description |
---|---|
SF-1264397 ACM-93893 | When a UCD rule detected an orphan account, an email was sent to a random supervisor if no supervisor was associated to the account. |
SF-1322268 ACM-95316 | The Attribute Change rule skipped users when multiple Rule runs were queued. |
SF-1320363 ACM-95258 | Rules processing failed with the error ORA-12899 because the character limit for the application reference value was not large enough. |
SF-1312843 ACM-95146 | Rules post-processing task "Step 8/9: Post processing: Populate violations for review components" took an hour longer than expected when processing review items with violations. |
SF-1333143 ACM-95904 | A provisioning/termination rule did not create change requests to revoke entitlements when there are accounts to disable and delete. |
Issue | Description |
---|---|
SF-1307234 ACM-94695 | Sensitive info in REST and SOAP Web Service node configuration could be viewed by users without edit privileges. |
SF-986549 ACM-78252 | A request form vulnerability showed authorizations that a user should not be able to request. |
SF-1158051 ACM-86836 | The status page shown at the end of the password reset process needed a sanitized URL. |
SF-1284851 ACM-93533 | Needed to update the Apache Commons jar to the most recent version to increase security. |
SF-1158051 ACM-86955 | Additional validation and sanitization was needed for the file upload functionality in access requests. |
SF-1158051 ACM-87527 | Additional validation was required for JSP files uploaded in the Admin section. |
Issue | Description |
---|---|
SF-1257836 ACM-93038 | Scheduled Unification was triggered before the scheduled IDC run and caused the incorrect processing of rules. |
Issue | Description |
---|---|
ACM-92994 | Proxy protocol changes in a Rest Node could not be saved. |
SF-1251232 ACM-92551 | The load time for Review pages and Request Activity pages slowed after an upgrade. |
SF-1310137 ACM-94849 | After a data retention job runs, the Change State column in the Activities view could not display some of the remaining data. |
SF-1193085 ACM-88580 | The user interface did not notify that a previously uploaded .jsp file reloaded with modifications required a server restart for the changes to take effect. |
SF- 1167740 ACM-92498 | In a dashboard, the complete name of a request button was not fully visible. |
SF-630081, ACM-54208 | When a user submitted a request, the Select Request Source screen displayed incorrect business source attributes. |
SF-1324961 ACM-95538 | Users granted view access to a group's directory could not see the group members. |
SF-673708 ACM-53828 | Under Resources > Applications, in the Accounts tab, custom attributes were not displayed for Application Roles or Entitlements. |
SF-1246951 ACM-91654 | Intermittent high CPU usage caused performance issues in the RSA Identity Governance and Lifecycle user interface. |
SF-1048792 ACM-81142 | Under Reviews > Activities, when an Actions menu appeared at the bottom of the page, some menu options were cropped out of view. |
SF-1176345 ACM-88381 | The node filter in System > Logs could not show any logs in a WebLogic environment. |
Issue | Description |
---|---|
SF-108829 ACM-87443 | Online documentation for the createChangeRequest web service needed to clarify when the change request is not created. |
SF-983571 ACM-76016 | The User Attribute Change web service reported a "User Not Found" error when the User ID was on record. |
SF-1319168 ACM-95505 | Change requests created from a web service erroneously included a deleted account. |
SF-1253334 ACM-92041 | Duplicate group names on a multi app collector could cause the webservice call that created a change request to choose the wrong group. |