SecurID^® Governance & Lifecycle

Article Number 000067900 Applies To RSA Identity Governance & Lifecycle 7.2.1, 7.5.0 SecurID Governance & Lifecycle 7.5.2 Issue Attribute Change Rule is detecting users as having changed but no Change Request is created to remove or add users to the role. The Attribute Change Rule shows the following message indicating that the Rule was run correctly: Number of existing users whose attributes changed: xx The following message is logged in aveksaServer.log file: 05/25/2021 03:13:09.780 ERROR (Exec Task Consumer#0 - Sequence) [com.aveksa.server.core.rule.RuleServiceUtil] Error method=Action com.aveksa.server.core.rule.action.changerequest.ChangeRequestAction@3f8943e com.aveksa.server.core.AdminServiceException: java.lang.IllegalArgumentException: Comparison method violates its general contract!   Cause This is a known issue in the following versions. The issue was caused by a problem with the way entitlements for application roles were sorted. RSA Identity Governance & Lifecycle 7.2.1 RSA Identity Governance & Lifecycle 7.5.0 SecurID Governance & Lifecycle 7.5.2   Resolution This is resolved in the following versions: RSA Identity Governance & Lifecycle 7.2.1 P08 RSA Identity Governance & Lifecycle 7.5.0 P05 SecurID Governance & Lifecycle 7.5.2 P01 ... View more

Article Number 000067899 Applies To RSA Identity Governance & Lifecycle 7.2.0, 7.2.1 Issue When starting RSA Identity Governance & Lifecycle after upgrading or patching, the following Warning message is displayed on the UI under Admin > Diagnostics > General tab: The Oracle version 19.0.0.0 is not supported. The supported versions are 12.1.0, 12.2.0.   Cause This message is correct for RSA Identity Governance & Lifecycle version 7.1.1 and earlier.   This is a known issue in RSA Identity Governance & Lifecycle 7.2.0 and 7.2.1 versions. Certification of Oracle Database 19c for RSA Identity Governance & Lifecycle 7.2.0 and 7.2.1 was completed AFTER the release of these versions.  Oracle 19c is supported on these versions but the warning level message will be shown until you upgrade or patch to the version where this issue is resolved. Resolution This issue is resolved in the following versions: RSA Identity Governance & Lifecycle 7.2.1 P03 RSA Identity Governance & Lifecycle 7.5.0 SecurID Governance & Lifecycle 7.5.2 Workaround The warning message may be ignored. ... View more

Summary RSA announces the availability of Patch 11 for RSA Identity Governance & Lifecycle 7.2.1. This release contains numerous fixes and improvements. See the RSA Identity Governance & Lifecycle 7.2.1 Patch 11 Release Notes  for information about the contents of the patch. Recommendation: RSA strongly recommends that customers upgrade to this latest update. Please note that all patches are cumulative. Obtaining Software and Documentation: The Release Notes are available in the RSA Identity Governance & Lifecycle 7.2.1 documentation area. You can access the RSA Identity Governance and Lifecycle 7.2.1 Patch 11 software in the RSA Identity Governance & Lifecycle 7.2.1 Downloads area on RSA Link. In the Download area, click Full Product Downloads to open myRSA and to view a list of your purchased products. Select the appropriate license link to access the RSA Identity Governance and Lifecycle software downloads. Contact RSA Customer Support if any licenses for products you have purchased are missing from the list. EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details. ... View more

Article Number 000067902 Applies To This issue affects customers upgrading to the following version: SecurID Governance & Lifecycle 7.5.2 (original GA build 181918) This issue affects customers patching to the following patches: RSA Identity Governance & Lifecycle 7.2.1 P06, P07, P08, P09, P10 RSA Identity Governance & Lifecycle 7.5.0 P01, P02, P03, P04, P05, P06 SecurID Governance & Lifecycle 7.5.2 P01, P02 The above patches and versions are no longer accessible for download on myRSA, however customers who downloaded these versions previously may be affected. Issue After upgrading or patching to the affected versions, Change Requests created before the upgrade or migration may be missing certain information or may not display the information correctly. New Change Requests created after upgrading or patching are not affected. Historical Change Requests in Completed State or Cancelled State will not show Task information. For Change Requests in active states such as Approval State or Fulfillment Phase, the missing Task information can cause the following problems: Task is missing from Change Requests in Fulfilment phase The detailed Account Changes on the Approval Phase for the Change Request do not display. (The information is not deleted but it does not display because the Task is missing.) Task column on the Request > Activities menu is blank If a Change Request configured for Automatic Fulfillment (AFX) has a missing task and is subsequently approved, Automatic Fulfillment fails and fallbacks to Manual Fulfillment Reports based on table views, that source data from table T_AV_WFJOB_ITEMS, may not show information related to Change Requests Example of a Change Request in Manual Fulfillment that properly shows a Task (when using an unaffected patch/version):   Example of  an active Change Request in Manual Fulfillment showing a missing Task, due to applying an affected patch/version:     Cause During patching (or upgrade) to the affected patch (or version): Tasks are incorrectly removed from active Change Requests. (Active Change Requests are requests in flight at the time of the patch or upgrade that are not in COMPLETED state.)  For example, Manual Fulfillment does not show the Task information.  This prevents an Approver from understanding what was requested and completing the Approval correctly. Change Requests completed prior to the migration do not show the Task information. This prevents reviewing historical information related to the Tasks associated with completed Change Requests. Any new Data Archiving run results in wrong data for Change Requests being archived and subsequently removed by the purge process of the Archiving run. Note that Data Purging, not related to Data Archiving, is not affected. This missing data is NOT recoverable. This issue does not affect new Change Requests created after the patching (or upgrade). Resolution This issue is resolved for customers upgrading to the following version: SecurID Governance & Lifecycle 7.5.2 (updated build 182548) This issue is resolved for customers patching to the following versions: RSA Identity Governance & Lifecycle 7.2.1 P11 RSA Identity Governance & Lifecycle 7.5.0 P07 SecurID Governance & Lifecycle 7.5.2 P03 (build 182548) This issue is NOT resolved for customers upgrading to the following version: SecurID Governance & Lifecycle 7.5.2 (original GA build 181918) (Customers who must upgrade to the affected 7.5.2 build 181918, should refer to the Workaround section.) Guidelines: Customers patching from one of the non affected patches or versions  to one of the versions listed in this section where the issue is resolved do not have to take any action. Customers who have already patched or upgraded to one of the affected versions and are NOT using Data Archiving do not have to take any action but should read the notes in the "Workaround" section.  Customers who have already patched or upgraded to one of the affected versions and ARE using Data Archiving should refer to the "Workaround" section. Customers intending to upgrade or patch to one of the affected versions are advised to instead upgrade or patch to one of the resolved versions. Otherwise refer to the "Workaround" section. Workaround In all instances, the first choice for customers is to upgrade or patch to a version where this issue is resolved.  If you are unable to do so, the following detailed guidance is provided for each use case: Customers intending to upgrade to the affected version 7.5.2 (original GA build 181918) listed in the "Applies to section" must apply the "Pre-fix" BEFORE attempting the upgrade.  See the section marked "Pre-fix".  When prompted by the Pre-fix script for a target release, enter "7.5.2". Customers intending to patch to one of the affected patches listed in the "Applies to" section must apply the "Pre-fix" BEFORE attempting the patching.  See the section marked "Pre-fix". When prompted by the Pre-fix script for a target release and patch, enter the corresponding target version (one of 7.2.1, 7.5.0, or 7.5.2) and the corresponding target patch (e.g., P01, P06, P10) you intend on upgrading or patching to. Customers who have just recently patched or upgraded to one of the affected patches or versions listed in the "Applies to" section are advised to contact SecurID Support for assistance in reverting back to a known good patch and restoring the database from backup.  Customers will need to apply the "Pre-fix" before attempting the patch or upgrade again. When prompted by the Pre-fix script for a target release and patch, enter the corresponding target version (one of 7.2.1, 7.5.0, or 7.5.2) and the corresponding target patch (e.g., P01, P06, P10) you intend on upgrading or patching to. Customers who previously patched or upgraded to one of the affected patches or versions listed in the "Applies to" section should note that Change Requests in Active State at the time of the patching or upgrade may not be able to move to completion.  The problem Change Requested may be cancelled and new Change Requests can be created if this is feasible. Customers who previously patched or upgraded to one of the affected patches or versions listed in the "Applies to" section and are using Data Archiving (Data Purging is not affected) need to apply the "Pre-Fix before using Data Archiving. When prompted by the Pre-fix script for a release and patch, enter the version and patch you are currently on.   Pre-fix: If you require the Pre-fix script, contact RSA Customer Support and quote this KB article.  A Pre-fix is available that prevents the incorrect data from being removed during patching or upgrading to an affected patch or version.  The Pre-fix can be run at any time before patching or upgrading. Apply the Pre-fix (Inflight_workflow_ACM-113586_05112022.sql) Enter the version and patch number as noted for your use case above. Patch or upgrade to the version or patch you indicated. As soon as practicable upgrade or patch to a version listed in the Resolution section. Notes Note 1 - This issue also affects customers who use Data Archiving (Data Purging is not affected).  Customers on any of the affected patches are advised not to create Data Archives until they have patched to the fixed patch/version or applied the Pre-fix. Note 2 - Customers patching from one of the affected versions to a different affected version only need consider the impact of original affected patch.  The tasks are only removed on the first patching event. Note 3 - Reference SecurID Governance & Lifecycle Product Advisory at: Urgent SecurID Governance and Lifecycle Product Advisory – Request Activities Task Information Missing after Migration ... View more