The following issues were fixed in RSA Identity Governance and Lifecycle version 7.1.1 Patch 2.
Users were able to schedule reviews and collectors using a past date.
Multi-step review generation failed when secondary step definitions enabled the user selection option "By selecting supervisors and using their subordinate users.”
A review with a value for SIGN_OFF_ENABLED other than Y or N caused a server startup failure.
In a review definition that already had a coverage file that determined the monitors, if the definition was edited to deselect the coverage file option, the earlier coverage file was still saved with the review definition despite being displayed as unselected in the user interface.
The reassign action in the review user interface took longer than expected.
Review analysis failed with the ORA-01706 error.
The By Monitor tab for group and role reviews showed incorrect display names.
Account Review Change Preview tab did not download content when exporting the table.
A role review caused changes in the review state even when all review items were maintained.
Group review definitions erroneously displayed the Include Users option.
An SQL error occurred when changing a review state to complete.
Pre-processing for unauthorized change detection failed with the ORA-06402: PL/SQL: numeric or value error.
Subject of email incorrectly contained HTML markup.
When multiple sessions changed role-related items, such as users or entitlements, deadlocks could occur when refreshing role metrics, which interrupted processing.
The Revert Completed Changes option was missing from the cancellation pop-up when canceling a change request, even though completed items existed.
Local entitlements were not provisioned to the user when given through an account or when the directory for accounts was set in an application.
The request button type Add/Remove Using Request Sources did not have an option for including terminated users.
When users clicked a link to a change request in an email, after logging in, they were redirected to the home page instead of the change request.
If a user closed the browser or navigated away from the page using any function other than the cancel or back buttons, entries for pending accounts were left in T_AV_ACCOUNTS.
When generating a request, if a resolved pending account name already existed but was deleted, the reactivated account was not updated for all of the change items that depend on the pending account.
When saving the data from an application accounts table as a CSV file, the column name "Is Deleted" was displayed in the CSV output along with HTML code for an unneeded special character.
ACM Security Model
Account information on the MAEDC wizard was not displayed as expected to users authorized to edit or administer the MAEDC.
In a clustered environment, afx start incorrectly checked for the application running in standalone mode.
Improved error messages with regards to connector configuration.
The ISIM 6.0 connector timed out when testing the connector, and Test Connector Capabilities indicated a "class not found" error.
A provisioning command node stalled the workflow if the AFX request was in an invalid state.
AFX requests were getting stuck after upgrading to 7.x.x with the error "Error handling AFX primary request java.lang.NullPointerException", due to the schema change.
PV_AUDIT_EVENTS erroneously displayed logged users as AveksaAdmin instead of the user logged in through SSO.
Change Requests and Workflows
The workflow setting "Show job level variables" did not work as expected.
In a fulfillment workflow, REST nodes did not display job variables as expected.
A change request was canceled when an approver approved an indirect role that was deleted.
When change requests were split based on the Max Items settings, the generated requests did not have a set fulfillment date.
The error "RSA002: Invalid Configuration" was displayed during workflow runtime for a REST node, even though the node was successful.
Reassign Escalation Workflow and Technical Approval nodes changed the watch Workflow ID to the escalation Workflow ID.
The Salesforce Entitlement Data Collector on versions 7.0.0 or 7.0.2 failed when collecting large data sets.
The account data collector incorrectly processed the AD PwdLastSet attribute when the value was set to zero.
Data on the account/entitlement collector page loaded more slowly than expected.
After setting a specific user as a Backup Business Owner or Backup Technical Owner for any Directory, Application or Role set, when the user's name was changed through the IDC, the CAU1_NAME attribute was not updated and the application object showed an outdated name in details, tables, and pop-ups.
After upgrading, custom attributes were missing from the PV_USER_ALL_ACCESS view.
A dashboard using the component System Portlet: System Summary displayed incorrect values.
Dashboard import and export created new dashboard topics instead of overriding previous topics.
Data Collection Processing and Management
The “Is Terminated” attribute was not being displayed as collected for some unified users.
Indirect relationship processing failed with the following error: "ORA-30926: unable to get a stable set of rows in the source tables."
Data purging failed due to the ORA-02292 error while deleting data from work point tables.
RSA Identity Governance and Lifecycle did not start during remote database switchover.
Data archiving runs failed.
Migration from 7.0.x to 7.1.x failed with the following error: "ORA-01720: grant option does not exist for 'SYS.DUAL'"
After creating 500 SoD rules using a correlation specification, rules processing exceeded 17 hours.
The system performed slowly after upgrading and using Oracle 12.2.
Users experienced performance issues with the email log page.
Users experienced performance issues with the overall user interface, workflows, and collections.
Reviewers performing a bulk revoke during a fine grain role review experienced performance issues.
Special characters were not displayed properly in email subjects.
Deprecated migrate_deleted_connectors code because it was failing during role migration.
Database migration stalled with the ACM-76636_2.sql query processing for three days.
The migration script ACM-72719.sql failed with the ORA-19011 error.
An Oracle ORA-22835 “Buffer to small” error could occur while provisioning an account through AFX under high load.
Column display names in a report definition were not updated if the alias column name in the query was the same as the display header but with different capitalization.
Old attributes in jrxml report definitions resulted in spam to the server logs.
Reports that use styles did not retain the style when downloaded to an output file such as PDF or HTML.
The default Drop Down Select with Web Service control was unable to pass a request token to a Web Service.
Check boxes on a form were not disabled when the form was disabled.
Users were unable to submit a form that used an external validation URI, because the Next button was unusable.
Request forms allowed the selection of entitlements for a user that they had already been indirectly granted.
Validation URI JSPs did not work when uploaded to the secured JSP pages.
Could not open an associated request form from a change request.
A conditionally disabled drop-down passed only the first value.
During role creation, users who were configured as the Other Technical Owner for some role sets and who had the Role Set: View All entitlement were erroneously able to create roles under any role set.
The Role Creation wizard displayed a role set’s raw name instead of the role set name to technical and business owners.
A role membership rule could not be removed or deleted after it was created.
When the Apply Changes button was clicked on a changed global role, the View Changes link incorrectly showed the same entitlements as both added and removed.
The rule type Role Missing Entitlements did not capture missing Global Role entitlements in email.
User access rules failed during execution.
The unauthorized access rule detected and revoked legitimate account to group memberships that had been previously provisioned by RSA Identity Governance and Lifecycle as user changes or Add User to Group requests.
A segregation-of-duties rule with a correlation attribute created violations with one bucket only.
Segregation of duties rules did not work properly with child application roles.
The Attribute Change rule skipped users when multiple Rule runs were queued.
Data purging failed with the following error: “ORA-02292: integrity constraint (AVUSER.FK_T_IDCAV_T_IDCA_ID) violated - child record found.”
In the list of applications, the Sensitivity column was not available in the table options under Displayed Columns.
A custom help URL did not work immediately after logging into RSA Identity Governance and Lifecycle.
When the Ignore Case option was selected, the "one of" search option erroneously remained case sensitive.
A "request cannot be handled" error occurred when clicking on an external URL request button with a special character in its name.
Import incorrectly allowed values greater than the defined value of 256 for the short description of business descriptions.
The user interface did not notify that a previously uploaded .jsp file reloaded with modifications required a server restart for the changes to take effect.
Under Resources > Applications, in the Accounts tab, custom attributes were not displayed for Application Roles or Entitlements.
When multiple records were found for userId, the web service failed to update the user's review items.