The following issues were fixed in RSA Identity Governance and Lifecycle version 7.1 Patch 3.
After uploading a coverage file to delegate a sign-off to another user, duplicate Entitlements appeared in a User Access Review.
An on-hold role review that was closed without changes incorrectly marked a role as "changed".
Group review results for monitors incorrectly displayed the member count for all groups as zero.
After performing bulk maintain actions on general category items, the user interface did not indicate that any action was in process. This caused the user to attempt to perform the action multiple times, even though it was already in progress.
A reviewer without required privileges could download the full list of users and attributes from any User Picker pop-up.
Large-scale reviews used all available memory and crashed the server with OutOfMemory errors.
Out of Memory errors occurred during large reviews.
A change in property types, caused by change requests for accounts that generated revocation change requests for users, led to incomplete information for revocation that failed on fulfillment errors.
An automatically generated revocation request would fail when using a directory for an account.
SF-1189389 SF-1189398 SF-1189510 SF-1189404
ACM-88467 ACM-88468 ACM-88485 ACM-88477
The system did not generate change requests from violation remediation actions for revoked accounts when simultaneously revoking and giving exceptional access for multiple accounts that belonged to the same app role.
When reverting a pending account, an Oracle error “ORA-19279” prevented successful completion of the action. Also, restarting RSA Identity Governance and Lifecycle while some change requests were not finalized could result in the same Oracle error “ORA-19279” and prevent server initialization, which left users unable to log in.
A pending account cancelled in the fulfillment phase still created an account if the name matched a previously deleted account.
An account template for role and rule changes could be improperly mapped to a request form through a workaround.
SF-1102654 SF-1131206 SF-1183455 SF-1193888
AFX entered "not running" status and connectors entered "stopped" status due to locks on the t_av_afx_server_agent table.
The maximum length of the JDBC URL field was too short for AFX connectors.
The Oracle Directory Server connector failed to create an account when the userPassword attribute was required for account creation.
Aveksa Statistics Report
The ASR did not pull data for Web Application Machine Information.
Change Requests and Workflows
Workflow variables containing multiple rows of data displayed with comma delimiters.
Change request variables did not appear when fulfillment workflow edits updated the wrong variable.
The default AFX manual fulfillment subprocess did not have a job state node to cancel change items, which caused change items in a canceled fulfillment to be stuck in "pending verification" status.
Accounts and entitlements added through the "Complete Manual Activity Before Collection" feature would not appear in the user interface when referenced outside of the Users page.
The Show Job Level Variables checkbox did not appear for Escalation workflows.
Multi-app collectors slowed down when older data was not removed as expected and instead accumulated with each run.
Active Directory attribute synchronization was unsuccessful in some environments when the account attribute values were set to null.
The SAP connector did not support the USERTYP account attribute.
Data Collection Processing and Management
After the ADC ran, the Foreign Security Principal (FSP) membership changes in Active Directory did not update in RSA Identity Governance and Lifecycle.
Unification sometimes terminated users and duplicated them into new User IDs.
Accounts and entitlements added through the "Complete Manual Activity Before Collection" feature were not reconciled or removed after running collection.
Performance issues occurred for indirect relationship processing when processing deleted role relationships.
The GATHER_DATABASE_STATISTICS task failed on a buffer overflow error.
Illegal TXN State errors were reported in the user interface after applying a patch.
Schema patching errors occurred when upgrading a WebSphere installation.
The Workflow ValidReplyAnswers macro did not populate and list URLs in a consistent order.
Reports exported into the CSV or XLS format occasionally did not retain any data.
The password generator URI field did not resolve form variables.
A warning message on change requests needed clarification.
After changing the value of an avform variable, related form controls with display conditions did not update.
SF-887157 SF-957895 SF-1002780
User filters with avform.user variables added to the Compare Users field of the Provisioning form removed all users instead.
Form text fields with a long entry did not show the complete text in request or approval screens.
When Multiple Account Resolution was set to “per business source” and the request form added entitlements from multiple applications that were tied to the same underlying directory, account prompts appeared for each application instead of once for the directory.
When the User Selection screen for an Access Request form had a grouping that contained more than 100,000 users, the following error occurred when expanding and collapsing the grouping: “Error - java.lang.IndexOutOfBoundsException: Index: 100000, Size: 100000”.
When a change request removed a child technical role from a parent business role, it also erroneously removed group entitlements that were shared from a different child technical role with common entitlements.
The displayed number of suggestions and violations did not correctly update collection when membership rules changed for a role and the role moved to the pending state.
The Role analytics table for missing required entitlements incorrectly showed technical roles as global roles.
After modifying a collector, a UCD rule detected changes that had already been validated following a previous detection.
Users could access pages in RSA Identity Governance and Lifecycle without required privileges.
An invalid identifier error in request forms appeared when using the Other type for owners in a business source filter.
Clicking the Back button in the web browser did not load the previous page.