- Product: RSA Identity Governance & Lifecycle
- Version: 7.0.2, 7.1.0, 7.1.1
- Component: Indirect Relationship Processing, Account Data Collectors (ADCs)
- Database: Oracle Database
The Indirect Relationship Processing task for Account Data Collectors (ADCs) fails during Group collection.
Observable symptoms:
- The Indirect Relationship Processing task shows a status of Failed in the UI under Admin > Monitoring > Run ID
- The
aveksaServer.logfile containsORA-30926andORA-06512errors
Task Details
com.aveksa.server.xfw.ExecutionException: com.aveksa.server.db.PersistenceException: java.sql.SQLException:
ORA-30926: unable to get a stable set of rows in the source tables
ORA-06512: at "AVUSER.CE_USERS", line 103
ORA-06512: at "AVUSER.CE_USERS", line 143
ORA-06512: at "AVUSER.COMMON_EXPLODER", line 435
ORA-06512: at "AVUSER.COMMON_EXPLODER", line 114
ORA-06512: at line 1
The following text is logged to the aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log):
ERROR (Exec Task Consumer#0) [com.aveksa.server.xfw.TaskExecutor]
Failed method=Execute ExecutionTask[TaskID=XXXXXX RunID=XXXXXX Source=XXXX
Type=EntitlementExplosionProcessing Status=InProgress]
com.aveksa.server.xfw.ExecutionException: com.aveksa.server.db.PersistenceException:
java.sql.SQLException:
ORA-30926: unable to get a stable set of rows in the source tables
ORA-06512: at "AVUSER.CE_USERS", line 30
ORA-06512: at "AVUSER.CE_USERS", line 139
ORA-06512: at "AVUSER.COMMON_EXPLODER", line 435
ORA-06512: at "AVUSER.COMMON_EXPLODER", line 114
ORA-06512: at line 1
RSA Identity Governance & Lifecycle fails to resolve Account-to-Group membership as a unique entitlement when an account belongs to a group through more than one path in the same ADC run.
This occurs because the Indirect Relationship Processing step — which is shared across multiple ADC runs — cannot handle duplicate Account-to-Group relationships resolved within the same run.
This error occurs because of data duplication in the T_CE_EXPLICIT_RELATIONS table.
This is a known issue reported in engineering ticket ACM-71877.
This issue is resolved in the following RSA Identity Governance & Lifecycle versions:
- RSA Identity Governance & Lifecycle 7.0.2 P14
- RSA Identity Governance & Lifecycle 7.1.0 P08
- RSA Identity Governance & Lifecycle 7.1.1 P02
- RSA Identity Governance & Lifecycle 7.2.0
Run the following query as avuser using a SQL client such as SQL Developer. If the query returns any output, please contact RSA Support and mention this RSA Knowledge Base Article ID 34893 for reference.
select * from t_ce_explicit_relations where (entitled_id, entitled_type, entitlement_id, entitlement_type) in (select entitled_id, entitled_type, entitlement_id, entitlement_type from t_ce_explicit_relations group by entitled_id, entitled_type, entitlement_id, entitlement_type having count(*) > 1) order by entitled_type, entitled_id, entitlement_id;
Related Articles
GUI shows initialization error "ORA-04063: package body "AVUSER.UTILITIES_PKG" has errors" after patching to 7.5.2 P07 in … 393Number of Views 8.5P4 linux webtier shows online-reinstall required 349Number of Views Unable to check NTP status using ntpq -p command on RSA Authentication Manager 8.x 1.62KNumber of Views RSA Identity Governance and Lifecycle 7.0.1 P01 installation gets stuck at message of undeploying current ear and deployin… 172Number of Views Error "Request Entity Too Large" when upgrading RSA Authentication Manager from versions (8.2 SP1 up to 8.4 P13) to 8.5 361Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Artifacts to gather in RSA Identity Governance & Lifecycle