What's New
RSA Governance & Lifecycle version 8.0.0 P08 introduces features designed to enhance system efficiency, automate key tasks, and improve visibility. With updates like Database Defragmentation, Duplicate Data Cleanup, Role Definition Review (New UI) including the Insights and Guidance part, Send Email, Sign Off, and Delegation, this release reduces manual intervention, optimizes performance, and bolsters security.
Highlighted Features
Database Defragmentation
In an Oracle database, users may observe performance issues and excess space usage due to data fragmentation. When data is modified or deleted, its movement across blocks can leave pockets of free space, and existing free space is not immediately reused or deallocated by Oracle processes. Over time, this fragments the data in database tables and indexes.
To address the complexities and various steps involved in the process of defragmentation, the feature is now available on RSA Governance & Lifecycle UI and can be accessed from Admin > Diagnostics > Segment Advisor tab. The button Defragment Tables/Indexes is visible to admin users only and is shown in disabled state when the application is not in maintenance mode.
Note: The Defragmentation option on the UI is available for all types of environments/databases.
Duplicate Data Cleanup
The Duplicate Data Cleanup feature in RSA Governance & Lifecycle provides a structured mechanism to systematically identify and remediate duplicate user and account records within the system.
It can be accessed by users from Collectors > Duplicate Data Cleanup. This feature marks duplicate users/accounts without physically deleting them from the underlying database tables. Instead, they are logically flagged as duplicates, preserving data integrity while ensuring that these records are excluded from further processing within the application. This approach helps maintain the uniqueness and consistency of user and account data across the system.
Role Definition Review New UI – [Public Preview]
The feature is not intended for production use and is hidden behind a custom feature flag named FeatureFlag.UseEnhancedUIForReviews. When an Admin user enables this flag from Admin > System > Settings tab > Edit > Custom, reviewers get a Use the new UI toggle on the Home > Reviews > My Reviews page that lets them try the new UI.
- When the toggle is turned ON, opening any user review will provide the new UI experience.
- By turning the toggle OFF, users will be able to perform the reviews using existing UI.
This beta feature is available to all customers for testing.
If you test the new UI, please send us your feedback or questions via gl-beta-feedback@rsa.com. Please do not contact RSA Technical Support or open a Technical Support Case if you have any feedback on this beta feature.
Insights & Guidance
This feature gives a brief overview of all reviews and review items. It is a statistical view that helps you monitor reviews, displayed according to their severity: critical, moderate, and minor.
Send Email
This feature lets you send an email to multiple users who are interested in the review process, in case they need to take any action regarding the respective review. Note that this feature already exists in the old UI and is now implemented in the new UI as well.
Sign Off
This feature lets you sign off review items, which commits your changes and effectively completes the review. Once you sign off a review, it becomes dimmed and you cannot apply changes to it. Note that this feature already exists in the old UI and is now implemented in the new UI as well.
Delegate
This feature lets you reassign the review to a user/reviewer other than the current one. It was previously referred to in RSA Governance & Lifecycle as Reassign Review. Note that this feature already exists in the old UI and is now implemented in the new UI as well.
New Features
| Feature | Description |
| ACM-132884 | Export Data to PDF: In the new user review interface, review items table can now be exported to PDF in addition to existing support for CSV. |
| ACM-132297 | Email Timeout: New Mail Polling Connection Timeout and Mail Polling Read Timeout settings have been added under the Approval Email Server section > Email > Settings. These settings have a default timeout value of 180 seconds and help improve email performance by preventing the system from hanging during mail server connection attempts. |
| ACM-132103, ACM-132101, ACM-129940 | Password Decryption for Generic REST Collector Metadata: Now, the Generic REST Collector Metadata import/export supports password decryption only within the same environment, or across environments when encryption keys are also transferred. |
| ACM-132086 | AES for AFX: In AFX, the Blowfish algorithm has been replaced with the AES algorithm to encrypt or decrypt data. |
| ACM-131997 | AFX Spring Upgrade: Spring libraries in AFX have been upgraded. (Spring jar has been upgraded from v5.3.37 to v5.3.39, and the Spring Security jar has been upgraded from v5.8.13 to v5.8.16) |
| ACM-131760, ACM-131331, ACM-131255, ACM-131188, ACM-121468 | Graph API for Incoming Email: The Microsoft Graph API protocol has been integrated to facilitate the reading of incoming approval emails. This can be configured under Email Settings > Approval Email Server > Inbound/Reply Server > Protocol dropdown menu. |
| ACM-131695, ACM-131444, ACM-131221, ACM-130976 | Remove Duplicate Users/Accounts: Now, a user can view duplicate Users or Accounts on the UI > Collectors > Duplicate Data Cleanup > Users and Accounts tabs. A hyperlinked Info Icon is available for each duplicate user, showing the user’s information when you click it. |
| ACM-131635 | Workflow Upgrade: Workpoint version has been updated to 4.50.16. |
| ACM-131151, ACM-131129 | Pending Change Request Notifications: A new Custom Event named Pending Change Requests has been introduced. This event identifies the number of pending change requests for a user and triggers notifications based on the configured Pending Change Requests Threshold and Notification Frequency. |
| ACM-131083 | System Indicator Discrepancies: Now, under Admin > Workflow > Monitoring, both orphaned watches and pending verification item counts are displayed accurately, considering only CRs in a Pending state and watches with status set to Open, as per configuration. |
| ACM-130042 | Expanded Multi-Value Attributes for LDAP: LDAP type Connectors now support multi-valued attributes for Creation and Update (Account/Group) capabilities in a single operation. |
| ACM-129653 | Performance Improvement: Session information for nodes that are experiencing cluster communication issues is no longer retrieved for display on the UI > Admin > Monitoring > Performance Summary page. |
| ACM-126520 | Spring Upgrade: Spring libraries (spring-aop, spring-context, and spring-beans) have been upgraded. |
| ACM-126518 | Spring-Core Upgrade: Spring-core on ACM and AFX has been upgraded including the dependency of WFArchitect. |
Enhancements
| Feature | Description |
| ACM-132029 | LDAP Connectors now support updating the CN and Distinguished Name attributes of Account/Group. |
| ACM-131500 | The SCIM Connector has been enhanced to NOT include the version number in the URL when the field SCIM Version is left blank. |
| ACM-131499 | The SCIM Collector has been enhanced to NOT include the version number in the URL when the field Version is left blank. |
| ACM-130634 | The response time to display Data Run information on the History tab for Rules and the Collection History tab for Collectors has been improved. |
| ACM-130633, ACM-130632 | The response time for displaying Approvals and Activities pages for Requests has been enhanced. The counts for the Approvals and Activities state buttons are now loaded lazily. When switching between subtabs, the cached state count is utilized rather than recalculating it, leading to an improvement in response time. |
| ACM-130553 | Workpoint has been updated to version 4.50.16, and now the values for wp-client-protocol, wp-client-hostname, and wp-client-hostport are displayed properly in workpoint.log. |
| ACM-130409 | The time spent on each specific rule action has been added to the task progress table in the rule processing run. |
| ACM-130021, ACM-130015 | The response time for the Request page has been enhanced. The count for the Request State subtab is now loaded lazily. When switching between subtabs, the cached state count is utilized rather than recalculating it, leading to an improvement in response time. Response time for the Request tab under User page, and Rules page have also been improved. |
| ACM-129368 | A new custom flag custom.EmailLogParallelOptimization has been introduced to optimize the performance in displaying the email log under Admin > Email > Log. The performance improvement is seen when the flag is set to true. The default value for the flag is false. |
| ACM-129338 | In a committed Role, if a user opens the membership rule and clicks OK without making any configuration changes, the Role state remains unchanged. The page response time has also been enhanced. |
| ACM-123379 | Rule Processing has been improved by introducing a Status bar showing the CR generation in progress. |
Fixed Issues
| Issue | Description |
| SF-02691844 ACM-133617 | Now, in the Java Code-Based Connector, the custom settings parameter values no longer have additional closed parenthesis “)” character as suffix. The custom setting parameter parsing is now working successfully. |
| SF-02689245 ACM-133475 | When running the EDCs & ADCs for the Generic REST endpoint, the Collectors that are scheduled as Daily are now triggered once a day. |
| ACM-133191, ACM-132237, SF-02679743 ACM-132505 | In the Generic REST Collector, updates to the T_SCHEDULED_TASKS table during token generation are now restricted to prevent duplicate entries and deadlock exceptions. |
| SF-02671969 ACM-132464 | In the LDAP type connectors, logging of security credentials during connection is now restricted. |
| SF-02670570 ACM-132363 | AD Account creation with the accountExpires attribute, with or without an output parameter configured, is now working successfully. |
| SF-02677298 ACM-132350 | Now, both the Role and Multi-App Collectors no longer throw errors in the Configuration. The issue of throwing errors despite entering correct credentials has been fixed, and the connection works successfully. |
| SF-02673670 ACM-132216 | The PARENT_ENT_ID/PARENT_ENT_NAME fields are now populated when a user with multiple accounts creates a change request from the Add Access option under the User tab. |
| SF-02674446 ACM-132170 | The REST Collector supports attributes mapping by handling both Array/Map format in the JSON response. |
| ACM-131558 | The page title shown on the web browser tab for the new review UI now displays properly along with RSA logo. |
| ACM-131358 | The java.lang.NoClassDefFoundError no longer occurs for AD and LDAP based connectors during the processing of capabilities. |
| ACM-132064 | Token refresh operation no longer occurs for inactive or disabled Generic REST Collectors. |
| SF-02670954 ACM-132040 | Purging is now working successfully on Step 9/16 (it no longer gives an error). |
| SF-02669831 ACM-132037 | Signoff is now working successfully for Role Review. The system now correctly recognizes and processes these items, ensuring smooth signoff without errors. |
| SF-02669724 ACM-131852 | The Forget Password option is now working properly when there are multiple users with the same name, and the reset password operation is supported for active users only. |
| SF-02669457 ACM-131792 | The login page now displays properly, reflecting the maintenance mode state, when Maintenance Mode has been enabled and the Oracle Database is then shut down. |
| SF-02663424 ACM-131765 | A new custom flag excludeDelOrphInPwdMgmtNotif has been added with a default value of true. When set to true (or when not defined and defaults to true), the password expiration notifications are skipped for deleted or orphaned accounts. Setting this flag to false will result in sending notifications for deleted or orphaned accounts. |
| ACM-131719 | The issue where filtering by Email Thread in Email Logs did not work correctly, for the ReviewCompleteEvent and ReviewNotGeneratedEvent email types, has been fixed. |
| ACM-131717 | The SSH connection has been enhanced by enabling the custom flag: custom.useLatestSSHVersionInConnector = true. Enabling this flag allows the connector to use TLS 1.2 ciphers, which should resolve issues, such as algorithm negotiation-related issues. By default, the custom.useLatestSSHVersionInConnector flag is set to false, and the SSH connector continues to operate with the existing TLS cipher support. |
| SF-02666232 ACM-131683 | When the Approval and Fulfillment Process is set to ANY, the corresponding Approval and Fulfillment Workflows will appear in the Request Workflow. |
| SF-02665554 ACM-131668 | The semicolon (;) is now supported in the stored procedure statement in the Generic Database Connector. |
| SF-02666422 ACM-131662, SF-02660429 ACM-131488 | Restricted updates have been made to the Generic REST Collector history table during token renewal to avoid configuration UI performance issue. |
| ACM-131560 | Group objects now have a Status attribute, which supports using the SCIM collector for ValueCloud. |
| SF-02660136 ACM-131518, SF-02660133 ACM-131517 | The following redundant JAR files have been removed from the application package: |
| SF-02661257 ACM-131413 | When the HideAlreadyAddedEntitlementForParticularAccount flag is set to true, users cannot request entitlements already assigned to them indirectly; these entitlements are hidden from the Add list. |
| SF-02660793 ACM-131405 | Now, when Archiving and Purging data, the old CR approvals no longer appear under My Approvals. |
| SF-02653162 ACM-131344 | In the App Metadata Collectors, Custom Attributes in the Applications Version table are now working properly. |
| ACM-131343 | A filter has been added to exclude indirect access elements in Data Resource Access reviews, aligning it with other review types for consistent and accurate results. |
| SF-02661326 ACM-131341 | Ports 5672, 61613, 1883, and 61614 are no longer being used when starting the AFX. |
| SF-02660699 ACM-131340 | Data Archiving performance has been enhanced (it no longer takes a long time). |
| SF-02660949 ACM-131300 | Now, when changing the UI Language, both Notifications and the Help button tooltip correctly display the selected language. |
| ACM-131235 | The SCIM Connector now creates accounts properly with active property set to true. |
| ACM-131234 | Support has been provided for use of the content type and accept request header in test connection which is configured in SCIM Connector. |
| ACM-131049 | The Multi-App Collector is now working properly (it no longer throws errors). |
| SF-02657305 ACM-131000 | Support has been provided for the content type text/html in the request body for RESTful Webservice Connector. |
| ACM-130908 | Upon saving the Role Review with a high level of maintenance, the associated changes are now reflected in the Role Membership, and Role Entitlement tabs located on the Role Summary page. |
| SF-02646025 ACM-130876 | In the Role Review, in the History log, the correct actor is now consistently recorded across all components. |
| SF-02649180 ACM-130751 | Fields are displayed correctly for Request Forms when the check box Hide table if empty is marked. |
| SF-02651832 ACM-130707 | The Review Definitions are now working properly and do not show errors. |
| SF-02650671 ACM-130646 | When a new Wait for Verification node was added, the UserData panel included the key VerifyOpenActivity with the value VerifiedToComplete. However, this status was not being recognized correctly, causing requests to remain stuck in the Wait for Verification phase. This has now been fixed so requests progress as expected. |
| SF-02646657 ACM-130508 | The Role Collectors performance has been enhanced (it no longer takes a long time). |
| SF-02647887 ACM-130497 | The SOAP Webservice Connector Capabilities are now working successfully with proxy configuration. |
| SF-02623450 ACM-130341 | The ADC Data Collector's post-processing procedure has been updated to handle duplicate accounts in the T_AV_ACCOUNTS table. Specifically, if a user has an Active Account and an Orphaned Account with the same name, the orphaned duplicate will be processed for deletion. It will be marked by prefixing its name with Duplicate_Accounts_Account_name, and its deletion_date will be set to sysdate. This action effectively deletes the orphaned account from the user's perspective, making it unusable. This new feature does not impact the existing "Duplicate Data Cleanup" functionality. |
| SF-02633006 ACM-130290 | In Java Code-Based Connector, custom settings parameter with parenthesis issue is handled and working properly. |
Known Issues and Limitations
| Issue | Description |
| ACM-134066 | Unable To Install 8.0.0 P08 Build on the WebLogic Setup. |
Platform Matrix
The latest application server and JDK version have been certified for this release.
| | RSA Governance & Lifecycle Software Bundle | Software Only (WebLogic or WebSphere) | RSA Governance & Lifecycle Virtual Application | Container |
| Application Server Version | | | | |
| WildFly 24.0.1 Included | Qualified | N/A | Qualified | Qualified |
| WebLogic 14.1.1.0 | N/A | Qualified | N/A | N/A |
| WebSphere 9.0.5.21 | N/A | Qualified | N/A | N/A |
| JDK Version Certified | | | | |
| AdoptOpenJDK 1.8.0_462 | Qualified | N/A | Qualified | N/A |
| Oracle JDK 1.8.0_461 (WebLogic) | N/A | Qualified | N/A | N/A |
| IBM JDK 1.8.0_461 (WebSphere) | N/A | Qualified | N/A | N/A |
| Operating Systems | | | | |
| SUSE (SLES 12 SP5, and SLES 15 SP7) | Qualified | N/A | Qualified | N/A |
| Red Hat (RHEL 8.10 and RHEL 9.6) | Qualified | N/A | N/A | N/A |
*RSA Governance & Lifecycle Virtual Application deployments are now supported on Nutanix through the OVA file installation method.
Prerequisites for Applying Patch (v8.0 P07 or Later)
When using a customer-supplied Oracle Database, or RSA-Supplied Database installed remotely, update the AVUSER and AVCSUSER schema as follows:
- Log in as SYS user (or another user with SYSDBA privilege) in SQLPLUS (or another database tool like SQL Developer).
- Run the following script to grant permission on the following objects:
GRANT EXECUTE ON SYS.DBMS_CRYPTO TO AVUSER;
GRANT EXECUTE ON SYS.DBMS_LOCK TO AVCSUSER;
Note: If the AVUSER schema name is other than AVUSER, replace AVUSER with the appropriate schema name.
Product Support with Operating System
Installing RSA Governance & Lifecycle on Red Hat 9.4+
The RSA Governance & Lifecycle version 8.0 P05 and later software bundle is now supported on RHEL 9.4+. However, RSA Governance & Lifecycle 8.0 must first be installed on RHEL 8; then complete all the prerequisites described below, and then upgrade the operating system from RHEL 8 to RHEL 9.4+.
Before upgrading your system from RHEL 8 to RHEL 9.4, ensure the following steps are completed:
- Apply patch 8.0.0 P05 or later successfully on the existing RHEL 8 system.
- Apply the latest Appliance Updater for Oracle Database to the existing RHEL 8 system containing the RSA-provided database.
After completing the upgrade to RHEL 9.4, ensure the following:
- The RSA-supplied JDK is installed and available.
The following packages are required for Red Hat Enterprise Linux 9.4 environments, and may need to be explicitly installed in addition to the operating system.
| binutils-2.35.2-43.el9.x86_64 | make-4.3-8.el9.x86_64 |
| gcc-11.4.1-3.el9.x86_64 | sysstat-12.5.4-7.el9.x86_64 |
| gcc-c++-11.4.1-3.el9.x86_64 | javapackages-tools |
| glibc-2.34-100.el9.x86_64 | lcms2 |
| glibc-devel-2.34-100.el9.x86_64 | syslinux |
| ksh | dejavu-sans-fonts |
| libaio-0.3.111-13.el9.x86_64 | dejavu-serif-fonts |
| libaio-devel-0.3.111-13.el9.x86_64 | dejavu-sans-mono-fonts |
| libgcc-11.4.1-3.el9.x86_64 | fontconfig |
| libstdc++-11.4.1-3.el9.x86_64 | zip |
| libstdc++-devel-11.4.1-3.el9.x86_64 | unzip |
| libXi-1.7.10-8.el9.x86_64 | libns |
| libXtst-1.2.3-16.el9.x86_64 | |
Once all the prerequisites have been completed as described above, start RSA Governance & Lifecycle Services.
RSA Governance & Lifecycle Product Version Lifecycle
RSA has a defined End of Primary Support policy associated with all major versions. For more details, please refer to the Product Version Life Cycle for RSA Governance & Lifecycle.
As of RSA Governance & Lifecycle v8.0.0 P08, RSA G&L v7.5.2 is now EOPS.