The following issues were fixed in RSA Identity Governance and Lifecycle version 7.1.1 Patch 6.
Filtering on the Account User column in account reviews threw an IndexOutOfBound error when the accounts in review had changed from one of orphaned, single user, or shared to another during collections that occurred after the review is generated.
A role review could not be completed if the role had a parent, due to review generation incorrectly adding the parent role as a sub role.
When exceptional access granted from a violation review expired while the same review was still active, the violating entitlements were no longer excepted, and the remediator was unable to re-grant exceptional access.
Review monitors with read and write privileges on a review were incorrectly able to edit and create escalations on reviews.
Alternate managers were able to self-review items even when the self-review option was not enabled on a review.
Mandatory review comments did not always cascade to child entitlements.
When multiple roles exist with the same raw name due to deleted roles, creating a change request for that role failed because the system selected a deleted role entry instead of the active entry.
In a change request, the role name is displayed inconsistently, at times using the role raw name.
Some Role Names were unexpectedly changed to Role Raw Names without a change request.
Change Requests and Workflows
The user interface previously allowed users to cancel change request items in a pending verification state only if the change request was in the open state and the workflows were in an active state.
Clarification was needed that the "Max items per change request" setting does not affect change requests that add or remove entitlements from roles.
Requests with all watches closed incorrectly remained open.
The change request milestone for completed manual activity incorrectly displayed a message that it was completed by the system.
When a pending account had dependencies in another change request, and the pending account's change request was rejected by the approver, all of the items other than the pending account were rejected, and the pending account was provisioned.
The REST connector used returned set-cookie headers in subsequent calls, resulting in failed login attempts.
Could not clear the mysql-connector-java-5.1.36-bin.jar from a MySQL connector after it was loaded.
The REST connector was adding unnecessary, unconfigured HTTP headers to configured capabilities.
Improved security of REST connector parameters.
Custom aliases used for the "Application backup technical owner" and "Business unit backup technical owner" attributes were switched in the Application page user interface.
Data Collection Processing and Management
Stack overflow errors from queries were not caught and handled as expected.
SF-1537490 SF-1574041 SF-1566464 SF-151295
Unification did not properly update the Terminated Flag for a user causing Termination Rule to not work properly.
After upgrading the JDK, installing a patch failed with a "No such file or directory" error.
A change request was unable to process the removal of a local entitlement from a deleted user.
After running an unscheduled report, the related email incorrectly attached the last scheduled report.
In a request form, the user picker field did not show the selected user value.
Deleted or obsolete role versions were occasionally not properly removed from system tables.
Custom Attribute columns displayed an incorrect value during role analysis for suggested entitlements.
When exporting all roles, the entire export failed when an unexpected error occurred for any of the included roles.
The role management history table occasionally displayed two instances of the role to change request link instead of just one.
RSA Identity Governance and Lifecycle handled identical change requests differently when they were made for business roles or single entitlements.
The role entitlements screen for Direct Missing Members displayed incorrect users.
Unable to change the status of a rule when the rule action to send email contained deleted users.
User coverage in Segregation of Duties (SoD) rules did not filter users with a null attribute value.
UINC rules were unexpectedly triggered, reassigning access to terminated users. Terminated users are now excluded from being assigned access.
Grouping on the Requests > Requests page erroneously included change lists that were in the pending submission state, resulting in an error when a user expanded a grouping that included one or more pending submission change requests. Group queries now exclude partially submitted change requests.