RSA Identity Governance & Lifecycle 7.5.0, 7.2.1
SecurID Governance & Lifecycle Role
cannot be edited. The Role remains in "Applied State" with a message indicating that "Additional changes cannot be made to this role until the change request is completed or rejected". The Role change appears to be stuck even though the change request is generated.
The AWR report may show the following SQL statement, as SQL ID a55znbsdprvx6, with a high number of "enq: TX - row lock contention" events:
| ||SELECT ID FROM T_AV_MODEL_EXPLODEDUSERENTS WHERE ID IN (SELECT MIN(E.ID) FROM GTT_ROLE_IDS G, T_AV_MODEL_EXPLODEDUSERENTS E WHERE E.ROLE_ID = G.ID AND E.ROLE_TYPE = 'C' GROUP BY E.ROLE_ID) FOR UPDATE|
A large number of (soft) deleted entitlements related to groups may lead to growth in T_AV_MODEL_EXPLODEDENTITLEMENTS table. This can adversely affect the performance of the role metric calculation done after a role change.
This issue is resolved in the following versions which include an optimized query for the Role metric calculation:
- SecurID Governance & Lifecycle 7.5.2
- RSA Identity Governance & Lifecycle 7.5.0 P05
- RSA Identity Governance & Lifecycle 7.2.1 P08
These versions/patches also include a migration script ACM-112571.sql to reduce the size of the T_AV_MODEL_EXPLODEDENTITLEMENTS table which further enhances performance.