SecurID® Governance & Lifecycle Product Documentation
- RSA Community
- :
- Products
- :
- RSA Governance & Lifecycle
- :
- Documentation
- :
- Product Documentation
- :
- Fixed Issues in 7.1 Patch 1
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Fixed Issues in 7.1 Patch 1
The following issues were fixed in RSA Identity Governance and Lifecycle version 7.1 Patch 1.
Access Certification
| Issue | Description |
|---|---|
| SF-1044154 ACM-82969 | Change Requests in Open status without a workflow ID defaulted to the Explicit Access workflow after restarting the application. |
| SF-839034 ACM-66789 | A review opened through an email link, then canceled, opened a null page after confirmation instead of the home page. |
| SF-855955 ACM-68187 | Comments for review items could not be applied as part of a bulk update. |
| SF-1120715 ACM-84607 | The email link to view a role review opened to an error page. |
| SF-1008666 ACM-79783 | Non-existent access to a group appeared for users in a User Access Review. |
| SF-597513 ACM-51149 | Multiple Account Review attributes did not properly translate to other languages. |
Access Requests
| Issue | Description |
|---|---|
| SF-964684 ACM-76816 | Access Requests with violations could be submitted by requestors when the filter was defined with more than one role attribute. |
| SF-1021090 ACM-78198 | Approval nodes assigned access requests to out-of-office supervisors if those supervisors were part of the approval workflow at another level. |
| SF-1102047 ACM-83563 | Custom attribute value lists degraded the performance of rendering the User Access pages. |
| SF-01110863 ACM-84248 | Attributes with “on” and no date caused an exception error during the display of the milestone on the Change Request Detail page. |
| SF-1066622 ACM-83225 | An error occurred identifying the application name in a change request when the application had a Directory For Accounts setting. |
| SF-1122693 ACM-84601 | A pending change request with a large number of new accounts could cause a cleanup issue when restarting. |
| SF-1098397 ACM-83297 | A Review query was not optimized for large datasets and used too much database memory. |
| SF-818651 ACM-64918 | Business Sources excluded from Add Access and Suggestions were visible under Requests > Create Requests > Add Access, but their entitlements could not be requested. |
| SF-1042229 ACM-80274 | The manual activity assignment link became disabled after a few hours if dynamic groups or roles were in use. |
| SF-1103472 ACM-84436 | AFX logs were not filtered as relevant to a request. |
| SF-1133285 ACM-85099 | When a web service was assigned for a request, an error occurred when clicking on the default form under "Additional Information". |
Account Management
| Issue | Description |
|---|---|
| SF-837790 ACM-78326 | An account template configured with additional account parameters failed to add those parameters to a created account. |
| SF-1104583 ACM-84929 | Imported mapping that had been deleted and recollected from the account data collector source would create duplicate mapping. |
Application Wizards
| Issue | Description |
|---|---|
| SF-839184 ACM-67710 | The Users count under Applications > General did not update after importing or updating the mapping. |
Change Requests and Workflows
| Issue | Description |
|---|---|
| SF-1053443 ACM-83569 | If Enable Email Reply Processing was unchecked and saved, then related options were not properly hidden. |
| SF-1101627 ACM-83545 | A Delete Account change request could be marked as complete but still show a status of "Pending Action". |
| SF-1069608 ACM-81876 | Manual Request Additional Info escalations could prevent an automatic Reassign to Supervisor escalation from running as expected. |
| SF-1104201 ACM-83552 | The save button did not function properly when a resource, escalation, job variable, or webservice response was added, edited, or deleted. |
| SF-1022154 ACM-78550 | A Change request generated using an unowned group and an owned group would incorrectly assign all of the change request items to the second group’s owner for approval. |
| SF-4036115 ACM-82463 | When generating a change request with users who had outstanding change requests, the generated change request incorrectly excluded any users who did not have an outstanding change request. |
| SF-1098925 ACM-83236 | Imported legacy workflows created before version 7.0.1 had a legacy value not handled by the new architect editor. |
| SF-1110903 ACM-84016 | The Provisioning Command node did not display job variables in the node properties. |
| SF-1118999 ACM-84554 | A user access request with multiple entitlement changes did not reliably create account change items for adding entitlements depending on the order of selected actions. |
| SF-1143477 ACM-85731 | After an upgrade, transition were not displayed in processing workflows that were created in the previous product version. |
| SF-684868 ACM-55740 | After completing an activity, users could see all completed activity on the By Entitlement tab instead of just their own. |
| SF-1077691 ACM-81947 | An exception error occurred when evaluating fulfillments with dynamic roles and group resources. |
| SF-1040676 ACM-79305 | An entire change request would be rejected at the fulfillment phase if it had an entitlement deleted by a partial rejection in the approval phase. |
| SF-867542 ACM-74045 | Activity nodes in a workflow were skipped if AFX fulfillment came back as Completed. |
| SF-1116690 ACM-85129 | SOAP and REST web service nodes could not be exited if the code window was expanded. |
Collector
| Issue | Description |
|---|---|
| SF-1110276 ACM-83742 | Collection failed when the internal data file was larger than 2.15 gigabytes. |
| SF-953019 ACM-74103 | A line break character in search filters caused the test collection to fail for the LDAP collector. |
| SF-964259 ACM-75432 | A custom string attribute used for collection did not collect the LastLogonTimestamp attribute as expected. |
| SF-1039961 ACM-84256 | The Salesforce collector did not collect LastLoginDate as expected due to an invalid date format error. |
Connector
| Issue | Description |
|---|---|
| SF-1111150 ACM-84090 | After an upgrade, attribute synchronization on the AD connector applied the attribute_sync prefix to non-empty & non-account variables, which updated values not required as well. |
| SF-976731 ACM-79126 | Account template parameters did not correctly expand variables in password type attribute fields. |
Dashboard
| Issue | Description |
|---|---|
| SF-1032894 ACM-80335 | Dashboard links containing a query parameter that included a bind variable did not return the expected results. |
Data Collection Processing and Management
| Issue | Description |
|---|---|
| SF-1088219 ACM-82998 | The IDC User Interface did not show whether the IDC required a Full Refresh. |
| SF-1104583 ACM-83603 | Pending User Account mapping and subsequent local mapping were removed every time the ADC ran collection. |
| SF-1100515 ACM-83254 | A collection that failed on the circuit breaker update did not remove the green check mark from the Last Successful Collection Date field. |
| SF-1063378 ACM-82700 | After unmapping users from the accounts, the users sometimes erroneously retained access. |
| SF-1100498 ACM-83252 | Procedures to purge older raw datasets caused circuit breaker failures when they erroneously purged raw datasets for collectors queued for processing. |
| ACM-53235 | Internal data files such as STX tables and temporary data files in the server/default/deploy/aveksa.ear/aveksa.war/WEB-INF/AveksaDataDir directory were not removed as expected if the "Remove Internal Data Files After Upload" option was set to Yes. |
| SF-1068551 ACM-83338 | For users making role changes, role data collection would sometimes cause deadlocks due to database-stored procedures making unnecessary row updates to roles, even when they were not changed. |
| SF-596501 ACM-50485 | Collection fails with an unclear error message when the collection source contains a special character that cannot be parsed. |
| SF-1115169 ACM-84129 | Starting a unification run with migrated user records from before 7.x failed with "ORA-30926: unable to get a stable set of rows in the source tables" in 7.0.2 p2. |
| SF-1121551 ACM-84547 | Unifying data with duplicate values caused failed collections with the message "ORA-30926: unable to get a stable set of rows in the source tables". |
| SF-1103183 ACM-84750 | The "Who Has Access" tab for Data Resources was not populated after a long-running data collection by the primary DAC that was misidentified as secondary. |
| SF-1059311 ACM-83235 | The DAG collector stalled after pre-processing a large data validation query. |
| SF-988361 ACM-83488 | The account and entitlement data collectors did not collect user attributes CAS6 through CAS10 for indirect group entitlements. |
| SF-1133387 ACM-85100 | The account and entitlement data collectors did not collect CAS user attributes in the correct order and could not properly assign the value of CAS10 as a result. |
| SF-1101593 ACM-83516 | Unifications could fail due to improper clean-up of the tables used for prior data collections. |
| SF-1131773 ACM-85098 | Unification sometimes assigned a deletion date for users that prevented them from logging in. |
| SF-1097757 ACM-85534 | Temporary STX tables were left behind if the circuit breaker was triggered. |
| ACM-85488 | User access to data resources could not be reviewed if assigned only through a group that was not properly tagged after data collection. |
| SF-1058100 ACM-80563 | When a user was moved from one IDC to another, unification terminated the original user and created a duplicate user. |
Database Management/Performance
| Issue | Description |
|---|---|
| SF-01123301 ACM-84609 | Data archiving had a processing failure. |
| SF-1164598 ACM-86987 | The database slowed, reported multiple errors, and then used up all resources when conducting bulk reviews on thousands of items. |
| Issue | Description |
|---|---|
| SF-1067879 ACM-81341 | If the special character % was in the e-mail content, then the email could not be generated. |
| SF-1039470 ACM-79253 | Emails generated for exported reports incorrectly capitalized the report file extension. |
| SF-1101300 ACM-83537 | Reports exported to an Excel spreadsheet did not restore a previously deleted temporary folder and, as a result, returned blank rows instead of the expected data. |
| SF-1086751 ACM-83216 | Email processing failed and displayed the error "Wrong user replied" for approvals sent to dynamically assigned approvers in a role. |
Installer
| Issue | Description |
|---|---|
| SF-970037 ACM-76001 | Aveksa.ear contained duplicate files that caused zip errors during deployment. |
| SF-1137353 ACM-85438 | The installer checked for unneeded packages and caused installation in a WildFly environment to fail. |
| SF-1115317 ACM-84107 | A typo appeared in the installOracle.sh script. |
| SF-1129043 ACM-85437 | Installation or upgrade on Red Hat 6.5 and 6.8 failed when IPv6 was disabled. |
| SF-942673 ACM-73935 | The installation or upgrade process would get stuck when one or more required install packages were missing. |
| SF-1130896 ACM-85021 | The aveksaWFArchitect.ear file could not be deployed on WebLogic 12.2.1.3.0 due to a conflict in the Java Spring-Boot library. |
| SF-1150455 ACM-86894 | A schema could not be created or migrated when using non-default tablespace names. |
Password Management
| Issue | Description |
|---|---|
| SF-924320 ACM-73375 | The View Password URL could not be correctly configured through the User Interface. |
| SF-1069908 ACM-81479 | Password validation did not work consistently from the user interface and from an external password reset link. |
Reports
| Issue | Description |
|---|---|
| SF-1043556 ACM-81849 | The / character in a report file name created a report schedule that failed if the option to send attachments was enabled. |
| SF-1004352 ACM-79058 | A new chart could not be created with the same name as an existing tabular report. |
| SF-826817 ACM-67195 | Reports exported using the .xls file extension were not properly formatted. |
| SF-767212 ACM-60522 | After upgrading, reports containing Cyrillic characters still did not display correctly when exported as .xls or .csv filetypes. |
| SF-838887 ACM-71716 | The report template "Entitlement Review Item Details by Reviewer" did not display the custom review state. |
| SF-01143644 ACM-85658 | The order of the list columns available in the Report Column tab changed randomly. |
| SF-647482 ACM-52763 | Imported Custom Report templates copied unnecessary attributes that caused errors. |
Request Forms
| Issue | Description |
|---|---|
| SF-1025815 ACM-82420 | The validation URL did not work for the "Drop Down Select from Web Service" control type. |
| SF-1084223 ACM-82486 | The form tooltip for tables did not display when added to a question. |
| SF-1059905 ACM-82742 | A question with a multi-select drop-down control did not trigger a display condition tied to selecting a drop-down option unless the same condition was also assigned to a secondary control. |
| SF-992540 ACM-76461 | Forms did not display terminated users when a custom form or form list was opened by a request button action. |
| SF-1065124 ACM-81155 | On request and approval forms, when using a submission question with a Select Drop Down list, only the first value was used. |
| SF-792046 ACM-65018 | Non-visual entitlement tables were displayed on a submitted request form. |
| SF-1112926 ACM-85657 | Out-of-the-box Application Business Source attributes returned null values when called through variables in request forms. |
| SF-931948 ACM-74069 | An entitlement table field on an existing request form with a "Show child entitlements of" attribute did not retain its value when copied to a new request form. |
| SF-1013039 ACM-77523 | An option in a Drop Down Select control could not be deleted if the user put single quotation marks around the value. |
| SF-1086944 ACM-83740 | Multiple entitlement tables that used Display conditions, Enable conditions, and Form variables in their entitlement rules sometimes displayed improperly. |
Role Management
| Issue | Description |
|---|---|
| SF-1069369 ACM-81602 | The user interface for coarse-grained role reviews provided options to remove or edit members and entitlements, even though coarse-grained role reviews are intended for high-level review and not to make individual changes. |
| SF-817316 ACM-65297 | Custom attributes created with the same name but assigned to different entitlement types appeared identical and did not work correctly when setting an entitlement rule in a role set. |
| SF-1112926 ACM-85657 | Out-of-the-box Application Business Source attributes returned null values when called through variables in request forms. |
| SF-1149895 ACM-86112 | Fixes to the role set persistence of a role caused problems with entitlements when there were role set changes. |
| SF-1142958 ACM-85634 | A Null pointer exception error occurred when creating a new role while logged in as the business role owner of a role set. |
| SF-1089845 ACM-84396 | Cascaded roles were missing to be added as entitlements while creating a change request from the Role Missing Entitlements rule execution. |
| SF-1078256 ACM-82957 | After importing a modified XML file of existing global roles, the Long Description was not updated. |
| SF-839546 ACM-66820 | A new role with no members or entitlements did not appear in search results when the search filter was set with the member or entitlement count as zero. |
| SF-963152 ACM-63734 | Collected roles that were exported did not fully import when imported into same environment. |
Rules
| Issue | Description |
|---|---|
| SF-1052613 ACM-84945 | When the Attribute Change rule for Managed Attributes used the "Set to old value of" argument, the rule sometimes failed to set values after the first user matched by the rule. |
| SF-1120488 ACM-84536 | During access request creation, when a user views the Accounts selection screen and then goes back to the previous screens to make changes, violations by the new changes were sometimes not displayed. |
| SF-1127651 ACM-84810 | Out-of-the-box workflow form controls were listed in the Violation Remediation node that did not work for the node. |
| SF-1114903 ACM-83574 | Changing the User Access/Separation of Duty Rule definition closed some violations but left their remediation workflows active. |
| ACM-83212 | New violations could incorrectly be added to existing remediation workflows, when a new workflow was necessary. |
| SF-1105975 ACM-83937 | The number of violations did not appear correctly in the status column. |
| SF-1057748 ACM-84105 | The user interface did not display violations that were not in sync with the remediation workflow to remediators. |
| SF-1125118 ACM-84592 | A rule violation remained in Pending Revocation status after rejection of a corresponding change request item. |
| SF-1101217 ACM-83760 | An Out of Memory error occurred while processing a large number of Role Membership Rule Difference rules. |
| SF-1095861 ACM-83120 | When a change request was created by a role change, decision Nodes ignored the "Contains at least one violation" condition. |
| SF-1025263 ACM-78589 | Change requests created by an unauthorized change detection rule identified the wrong user in the details. |
Security
| Issue | Description |
|---|---|
| SF-1095483 ACM-84155 | Applied security fixes for workflow editor properties. |
Server Core
| Issue | Description |
|---|---|
| SF-903632 ACM-71675 | A domain controller node in a hardware appliance with a local database could not stop, start, restart, or status-check the database using the aveksa_cluster script. |
User Interface
| Issue | Description |
|---|---|
| SF-596472 ACM-51112 | When editing review definitions, the Allow Expiration and Comments are Required checkboxes were cleared if the user switched tabs. |
| SF-843449 ACM-67243 | Logging out led to a blank screen if confirmations for logging out were disabled. |
| SF-791436 ACM-62724 | After adjusting table options, some columns did not display as configured when switching from a Group review result to a User review result. |
| SF-1001038 ACM-77791 | The Max Users Per Change Request setting in Access Configuration disappeared from the Settings tab if not assigned a value. |
| SF-1086944 ACM-85029 | Performance issues occurred on the General tab of a role set after applying entitlement and membership rules. |
| SF-884453 ACM-73706 | Heartbeats, which help to avoid server timeouts when using forms and the Architect workflow editor, generated benign errors in the server log. |
| SF-1127021 ACM-85554 | Changes in the customerstrings.properties file were not saved after an application server restart. |
| SF-620510 ACM-52883 | Underscores and spaces incorrectly replaced Hebrew characters in the user interface. |
| SF-1110294 ACM-85141 | The unique_ID attribute was not displayed on the summary page after changing the language under user options. |
| SF-1104724 ACM-84228 | Extended user attributes were not displayed on the summary page after changing the language under user options. |
| SF-967960 ACM-76184 | Attributes did not display when searching in the Business Units or Application list. |
Web Services
| Issue | Description |
|---|---|
| SF-1035349 ACM-81967 | Web service requests did not show affected users. |
