Chat now with support
Chat with Support

Identity Manager On Demand Hosted - Release Notes

Release Notes

One Identity Manager 8.2.1

Release Notes

29 April 2022, 10:34

These release notes provide information about the One Identity Manager release, version 8.2.1. You will find all the modifications since One Identity Manager version 8.2 listed here.

One Identity Manager 8.2.1 is a patch release with new functionality and improved behavior. See New features and Enhancements.

If you are updating a One Identity Manager version older than One Identity Manager 8.2, read the release notes from the previous versions as well. You will find the release notes and the release notes about the additional modules based on One Identity Manager technology under One Identity Manager Support.

One Identity Manager documentation is available in both English and German. The following documents are only available in English:

  • One Identity Manager Password Capture Agent Administration Guide

  • One Identity Manager LDAP Connector for CA Top Secret Reference Guide

  • One Identity Manager LDAP Connector for IBM RACF Reference Guide

  • One Identity Manager LDAP Connector for IBM AS/400 Reference Guide

  • One Identity Manager LDAP Connector for CA ACF2 Reference Guide

  • One Identity Manager REST API Reference Guide

  • One Identity Manager Web Runtime Documentation

  • One Identity Manager Object Layer Documentation

  • One Identity Manager Composition API Object Model Documentation

  • One Identity Manager Secure Password Extension Administration Guide

For the most recent version of the product information, see the One Identity Manager documentation.

Topics:

About One Identity Manager 8.2.1

One Identity Manager simplifies the process of managing user identities, access permissions and security policies. It gives control over identity management and access decisions to your organization, freeing up the IT team to focus on their core competence.

With this product, you can:

  • Implement group management using self-service and attestation for Active Directory with the One Identity Manager Active Directory Edition

  • Realize Access Governance demands cross-platform within your entire concern with One Identity Manager

Each one of these scenario specific products is based on an automation-optimized architecture that addresses major identity and access management challenges at a fraction of the complexity, time, or expense of "traditional" solutions.

One Identity Starling

Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. Giving your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make available new products and features to One Identity Starling. For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit cloud.oneidentity.com.

New features

New features in One Identity Manager 8.2.1:

General
  • Processing of the internal DBQueue Processor requests can be carried out by a service, the Database Agent Service. The Database Agent Service is deployed by a One Identity Manager Service plugin. The DatabaseAgentPlugin must be configured on the Job server that serves as the update server. An administrative user must be used for the database connection in the Job provider. Alternatively, the Database Agent Service can be run by the DatabaseAgent.exe command line program.

    If you use the Configuration Wizard to install or update the database, you can select whether to use the Database Agent Service or the SQL Server Agent for processing internal tasks in the database. The system configuration overview shows you which Agent is in use.

    IMPORTANT: This is an EXPERIMENTAL function. The performance impact on production systems has not been determined. Therefore this feature is not yet covered by support. However, you are welcome to try it (preferably in non-production systems) and if you have any feedback, send it to OneIM.Beta@oneidentity.com.

  • Querying secrets in process step parameters is supported. Syntax: &SECRET(Name)&

    In the One Identity Manager Service configuration, secrets that are allowed to be used as replacements are given in the SecretsAllowList parameter. The SecretsFolder parameter specifies the directory where the secrets files are located.

  • Querying environment variable in process step parameters is supported. Syntax: &ENV(variable name)&

  • In the One Identity Manager Service configuration, HTTP headers for the status page can be configured in the HTTPHeaders parameter.

  • The command line program DBConsCheckCmd.exe is deployed for running consistency checks.

  • To stop properties from being edited, users require the Allows a change lock to be set for specified properties of individual objects program function (Common_AllowPropertyLocks).

    If certain users are supposed to be able to lock properties for editing, you can assign the permissions to the users through permissions groups. The QBM_PropertyLock permissions group is provided for non-role based login. For role-based logon, the Basic Roles | Lock single properties application role is provided.

Web applications
  • Changed the heuristics for detecting the time zone to use browser standards.

  • Added a code sample that shows how to integrate a multi-factor authentication provider for session authentication.

  • It is now possible to upload and host custom versions of standard HTML applications (for example, the Web Portal).

  • For HTML applications, it is possible to convert local changes to global changes using a configuration in the Administration Portal.

  • In the Administration Portal you can define your own logo for the Web Portal.

  • In the Password Reset Portal, it is now possible to register as a new user or create a new user account.

  • In the Operations Support Web Portal, it is now possible to display the number of processes per queue in a table as well as in a diagram.

  • Provisioning processes can be handled manually in the Operations Support Web Portal.

  • It is now possible to display additional columns and information in tables in the Web Portal (configurable in the Administration Portal).

  • Dynamic roles for memberships can be configured in the Web Portal.

  • In the Web Portal, it is now possible to manage request templates and use them for requests. You can create your own request templates.

  • In the Web Portal, owners can be assigned to devices. It is possible to claim ownerships of devices.

  • In the Web Portal, it is now possible to create new identities.

  • The history of an identity can be displayed in the Web Portal.

  • In the Web Portal, it is now possible to display rule violations and grant or deny exceptions.

  • The Web Portal can now display compliance rules.

  • In the Web Portal, it is now possible to request new SharePoint groups.

  • In the Web Portal, reports can now be managed (created, edited, deleted).

  • New functions in the Web Portal for locations, departments, cost centers, application roles, business roles, and system roles.

    • Rule violations can be displayed for locations, departments, cost centers, application roles, business roles, and system roles.

    • Departments, locations, cost centers, business roles, system roles can be split in the Web Portal.

    • It is possible to compare departments, locations, cost centers, business roles, and system roles.

  • The Web Portal shows which entitlements are lost if an attestation case is denied.

  • In the Web Portal, it is now possible to escalate attestation cases and request approvals.

  • In the Web Portal, pending requests that must be approved by others can be displayed on a tile on the home page.

  • In the Web Portal, it is now possible to delete the complete saved for later list.

Target system connection
  • Support for One Identity Active Roles version 7.5.

  • The Microsoft Exchange connector has read and write access to the attribute extensions (CustomAttibute 1 to CustomAttibute 15) for mailboxes, mail users, mail contacts, distribution groups, and dynamic distribution groups. To use the functionality, alter the mapping.

  • It is possible to prioritize data if the connector detects conflicts between database and target system when synchronizing with the One Identity Manager database.

  • If One Identity Safeguard is used for password management, sample scripts can now be used.

  • In the Synchronization Editor code snippets are provided that you can use as templates for reading a system user's password from an external password management system. These code snippets can be utilized when One Identity Safeguard is implemented for password management. The code snippets can be selected and customized when creating script variables.

  • The Azure Active Directory connector can load the creationType schema property of the User schema type. To use the functionality, alter the mapping.

Identity and Access Governance
  • Request and attestation case approvals using Starling Cloud Assistant.

    Adaptive cards can be used to allow approvers and attestors who temporarily do not have access to their One Identity Manager tools to approve requests and attest cases. Starling Cloud Assistant transfers the adaptive cards to the approvers and attestors, waits for their response, and sends the response to One Identity Manager. In Starling Cloud Assistant, transmission channels are configured and can be set separately for each recipient. Currently, Slack, or Microsoft Teams can be used.

    For adaptive card approvals and attestations, the approval steps, service items, or service categories specify whether a reason must be provided with the approval.

    Adaptive cards replace the Starling 2FA app approval. There is still support in the Starling 2FA app in version 8.2.1 for request approvals, but it is not enabled. The Starling 2FA app will be completely removed with the next One Identity Manager release. For more information, see Deprecated features.

  • Certification of new business roles, organizations, and application roles.

    The attestation functionality allows the main data of business roles, organizations, and application roles newly created in One Identity Manager to be attested and certified by its managers. The initial certification status is set by the QER | Attestation | <...> | InitialApprovalState configuration parameters. For roles with the New certification status, attestation is started and the certification status is updated according to the result.

See also:

Enhancements

The following is a list of enhancements implemented in One Identity Manager 8.2.1.

Table 1: General

Enhancement

Issue ID

The Can unsubscribe option (DialogRichMail.AllowUnsubscribe) can be customized for default templates.

34925

In the Job Queue Info, improved display of the change information for the CausingEntityPatch parameter. This parameter contains the patch that contains the changes to be provisioned.

34969

In the Job Queue Info, if an error occurs when the status is queried it is now shown. A detailed error message is displayed in the context menu.

35324

The documentation can now be displayed in the Launchpad.

34994

Improved permissions for the QBM_BaseRight permissions group.

35048

The information about public holidays has been updated.

35063

Altered bit positions of an assignment origin (XOrigin column) for assignment tables. The bit position 2 for assignments through a dynamic role has been removed.

35193, 35203, 35206

Kerberos support for HTTP authentication on the Job server.

35377

Improved performance of bulk processing DBQueue Processor tasks with large amounts of data.

34690

Improved performance when runtime plans are recompiled for the DBQueue Processor.

34803, 34813

Improved security settings for documentation.

35225

Improved testing to prevent blind SQL injections.

35166

Improved security for logging login attempts.

35230

The third-party component DevExpress has been updated.

35296

For security reasons, the HTML front-end of the application server can be disabled. To do this, add the following entry to the configuration file in the <server> section.

<!-- Do not provide the HTML/JS frontend -->

<add key="nofrontend" value="true" />

This also means that the API documentation in the application server, including the test options, is no longer available.

35345

For security reasons, the HTML front-end of the One Identity Manager Service can be disabled. To do this, enter the IP address of the Localhost (127.0.0.1) in the HTTP server IP address parameter.

35345

The application server displays a 406 Not Acceptable error message if the requested content type is not supported.

35314

The QER | Person | PasswordResetAuthenticator | SearchColumn configuration parameter has been extended so it is now possible to specify multiple columns. The columns can be delimited with a pipe (|).

34116

Table 2: Web applications

Enhancement

Issue ID

The Web Portal checks whether compliance rules can be violated by requesting an assignment to business roles or organizations, even if no employee is directly affected. This check can now be disabled.

35163

In the Operations Support Web Portal, the display of processes and filtering options has been improved.

293072

Applications can now be deleted in the Web Portal.

261577

The Web Portal displays details of products such as keywords, description, permission type, and inherited permissions.

279436

In the Web Portal, it is now possible to view reports directly in the browser.

293386

The Web Portal now displays compliance violations in the request history.

294063

The Web Portal now makes it possible to add additional reports, account definitions, and disabled Azure Active Directory service plans to a shop's shelf.

294072

Requesting for other identities in the Web Portal has been revised.

294912, 30104

The Web Portal can filter user accounts and system entitlements by target system and container.

296472

The Web Portal displays rule violations for attestation cases.

297245

The Web Portal now makes it possible to view additional information such as memberships, rule violations, reports, and assignment analysis.

298169

Improved Web Portal performance.

31057

The contents of the Attestation of my permissions tile on the Web Designer Web Portals home page have been improved.

30350

In the Web Designer Web Portal, no more empty directories are displayed in the main data of roles.

35066

Applications must now authenticate themselves with a special key (Trusted Source Key). During the initial installation, the trusted source key is configured automatically.

After upgrading the One Identity Manager to version 8.2.1, you must actively configure the trusted source key.

To configure the trusted source key

  1. On the server where the web application is installed, open a command line utility with administrator privileges.

  2. Change to a directory with installed One Identity Manager development tools.

  3. Call the following command:

    imxclient edit-config /path <web.config file path> -T

    (for example imxclient edit-config /path c:\inetpub\wwroot\apiserver\web.config -T)

    or

    imxclient edit-config /path <web.config file path> /trustedsourcekey <Key>

301102

In the Administration Portal, you can now configure whether only products that have already been requested within the peer group are displayed when a request is made through a peer group.

295703

In the Administration Portal, the use of the Auth Token can now be disabled in the configuration.

301952, 35271

Security for StsSetup has been increased.

300583

The RSTS was updated to version 2022-03-30.1.

305080

Transfer of log entries from the web client to the server can now be disabled. To do this, add the following entry to the web.config file under <appSettings>:

<add key="DisableClientLog" value="true" />

34937

Table 3: Target system connection

Enhancement

Issue ID

The time the synchronization finished is recorded in the synchronization log.

34841

The password of the synchronization user for synchronizing Oracle E-Business Suite is stored as a variable and can be encrypted separately on an encrypted database.

A patch with the patch ID VPR#34775 is available for synchronization projects.

34775

A list of SAP user accounts that cannot be edited in One Identity Manager has been added to the One Identity Manager Administration Guide for Connecting to SAP R/3.

35331

Improved support for synchronizing child systems of a CUA that are not in the same SAP system as the central system.

A patch for synchronization projects with patch ID VPR#35118 is provided.

35118
Improved support for dynamic groups in Azure Active Directory. 34777

Improved mapping of the recipient type of an Exchange Online mail user.

A patch for synchronization projects with patch ID VPR#34938 is provided.

34938

The Active Roles connector can use the One Identity Manager Service's user account to log in on the target system. To do this, the Use current credentials (current user/service account) option is ensbled on the Credentials page in the project wizard.

34391

Improved support for the Microsoft Exchange mailbox permissions Send As and Full Access.

A patch for synchronization projects with patch ID VPR#21073_2 is provided.

21073

Improved email address uniqueness checking for remote mailboxes.

35080

On the overview forms of LDAP user accounts, LDAP groups, and LDAP computers, the domain is also displayed.

34483

When automatically requesting Exchange Online mail-enabled distribution groups, the members of a group of administrators are now also used as product owners.

34850

When deleting Exchange Online mail-enabled distribution groups and Office 365 groups, as well as when deleting group memberships, the associated Azure Active Directory objects are also deleted.

34855

Improved object search in the target system during provisioning.

34184

The Synchronization Editor can display additional information about the connected target system.

33482

New synchronization projects cannot be set up nor system connections created for connectors marked as obsolete.

34479

System objects in system connectors now use less base memory.

35032

Improvements in the dialog for editing schema properties in the Synchronization Editor.

35252

The DPR_Migrate_Shell process has been given a higher priority to complete before any synchronization or provisioning processes start.

34903

Error provisioning a Google Workspace environment are caught when changing assignments of products and SKUs to user accounts, changing only the license but leaving the product identical.

32276

Support for SAP S/4HANA also with SAP BASIS version 7.53.

35279

Improved documentation of the permissions required for synchronizing with Oracle E-Business Suite.

34119

When using the /VIAENET/READTABLE function module, the table access permissions can now also be defined using the S_TABU_NAM or S_TABU_DIS authorization objects. These are tested equally.

35465

Table 4: Identity and Access Governance

Enhancement

Issue ID

Improved performance in determining the origin of employees' entitlements.

34768

Request parameters are archived when deleting completed request procedures.

33647

Improved presentation of attestation guidelines' main data.

34924

If it takes longer than 48 hours to generate new attestation cases, the process is canceled. The timeout for generating attestation cases can be set in the QER | Attestation | PrepareAttestationTimeout configuration parameter.

34932

Improved documentation for suspending attestations, for example, by disabling attestation policies.

34945

Samples can now only be processed in the Attestation category in the Manager.

35108

Improved display of request property and request parameter assignments to service items and service categories in the Manager.

35148

The Manager displays potential rule violations better on user interface forms. The form element for assignments that can potentially lead to rule violations has been renamed.

35147

After importing HR data, templates are run on various Person table columns only if the data was not changed by the import.

34842

Improved Missing default entries in QERRiskIndex consistency check.

35411

For the PersonHasQERResource table, assign by event (IsAssignmentWithEvent) is now enabled by default.

35452

See also:

Resolved issues

The following is a list of solved problems in this version.

Table 5: General

Resolved issue

Issue ID

Performance issues checking unique groups when adding objects.

34830

The One Identity Manager Service does not notice changes to the service account option for its system users (DialogUser.IsServiceAccount column).

34858

Transfer from the DBQueue buffer (QBMDBQueuePond table) to the DBQueue fails because in-memory tables are too large.

34867

In certain circumstances, an error occurs when calculating table statistics.

34888

Repairing the search index on the application server might not work.

34894

The One Identity Manager Service cannot be initialized if there are inconsistent processes in the Job queue.  By resolving this issue, inconsistent processes are recorded in the process history.

34897

Error determining display values in simple list reports.

34923

Error opening the process information in the Manager if the program is connected through the application server.

34942

On the status page, the application server always shows the value -1 for the software revision.

34988

In the Configuration Wizard, on the Configure vendor notification page, the Back button is active.

34989

Error running multiple data archives simultaneously.

Error message: The instance of the SQL Server Database Engine cannot obtain a LOCK resource at this time. Rerun your statement when there are fewer active users.

35016

Incorrect maximum degree of parallelism (DB) value in the system configuration overview.

35022

If the DialogDatabase.ConnectionString column is labeled with the Blob (external) (isBlobExternal = 1) option, generating any process fails.

Error message: Value ConnectionString was not found.

35043

If an SQL Server with version 2019 is used, the basic settings for the database are not enabled.

35084

Performance issues calculating the sort order of DBQueue Processor tasks.

35087

If the processing state of a process step is updated, the modification date is not adjusted.

35095

Performance issues using the overload protection mechanism during bulk processing of DBQueue Processor tasks.

35103

Performance issues calculating a very large number of group memberships.

35104

Process history entries are deleted or moved to History Database too early.

35136

The object key (XObjectKey column) for the Canton time zone is incorrect.

35150

During migration, bitmasks of custom columns are not transferred to the QBMColumnBitMaskConfig table.

35159

Parameters without values are ignored when generating processes.

35173

Error saving deferred operations when the data contains line breaks.

35204

Importing files with placeholders in subdirectories does not work in the SoftwareLoaderCMD.exe command line program.

35299

When importing data using an import script in Data Import, dates and times may be changed.

35312

Migration to version 8.2 fails if a lot of UIDs have been changed.

35336, 35030

Enabling the Log changes (IsToWatch column) option on a timestamp column causes the generation of *Watch triggers to fail.

35384

The VI.Projector.ScriptSupport.dll file is not installed on the Job server.

34951

Saving a dependent object in the OnSaved script causes an error.

35446

In certain circumstances, the wrong translation is displayed for a value.

35436

Error encrypting a database when the password in a target system connection contains double quotes.

35408

Table 6: Web applications

Resolved issue

Issue ID

Certain special characters in the database password cause issues when installing the Web Designer Web Portal.

34294

In the Web Designer Web Portal, you cannot use a date in the filter wizard.

34435

The counter for filtered results is inaccurate if the results go over several pages. Paging is no longer available after filtering.

34506

The labels for the grouping columns and properties of attestation cases are not displayed correctly in the Web Designer Web Portal on the My Attestation Status page.

34593

In the Web Designer, the Maximum file size property cannot be used for components that are to upload files.

34840

In the Web Designer Web Portal, the department IDs are displayed in the menu instead of department names.

34943

In the Web Designer Web Portal, an error occurs when editing a page's layout settings.

34983

Custom files are stored in the wrong directory when an API Server is installed.

35050

In the Web Designer Web Portal, you cannot select any objects in the address book's filter wizard.

35052

In the Web Designer Web Portal and the Web Portal it is not possible to search for products/service items with a colon in the name.

35100, 35309

In the Web Portal, data is not correctly restricted following a previous restriction. For example, after selecting a department, identities are displayed that do not belong to the selected department.

35124

In the Web Designer Web Portal, manually entering a page number in tables does not switch to the given page, but generates an error instead.

35257

When you create an Angular workspace in child folders, the HTML application can no longer be compiled.

35272

In the English language Web Designer Web Portal and in the Web Portal the search for products/service items does not work correctly.

35310

In the Web Designer Web Portal, under certain circumstances, an error occurs when displaying pending attestations.

35323

Table 7: Target system connection

Resolved issue

Issue ID

Memberships of Azure Active Directory groups that are synchronized with the local Active Directory (column OnPremisesSyncEnabled=True) must not be provisioned.

34448

In certain circumstances, the customizer for the AADUserInGroup table prevents a membership from being deleted. 34702

Error finding the user login name for Azure Active Directory user accounts in federations.

A patch for synchronization projects with patch ID VPR#34896 is provided.

34896
In certain circumstances, synchronizing with Azure Active Directory causes memberships to be marked as outstanding. The next synchronization removes the marks. 35400

Incorrectly specified processing methods in the Calendar Processing and Mailbox Statistics synchronization steps in synchronization workflows for Exchange Online.

A patch for synchronization projects with patch ID VPR#35373 is provided.

35373

Some properties of Exchange Online objects, such as limits, do not distinguish between the 0 and the unlimited setting. By resolving this issue, the value -1 is interpreted as unlimited.

A patch for synchronization projects with patch ID VPR#35343_O3E is provided.

35343

Error provisioning SAP user accounts when a proxy is assigned to the user account.

Patches for synchronization projects with patch ID VPR#35370 and VPR#35370_CUA are provided.

35370

Sporadic data errors in external schema extensions based on SAP tables. Data is mixed between the selected data sets.

34382

The valid until date and the Excluded option on existing assignments of structural profiles to SAP user accounts cannot be changed.

Patches with the patch IDs VPR#35174_1 and VPR#35174_2 are available for synchronization projects.

35174

Error provisioning the authOrig properties of the group schema class in Active Directory.

34931

During synchronization of Active Directory user accounts, entries are created in the QBMServer table even though the TargetSystem | ADS | AutoCreateServers configuration parameter is not set.

34990

The ADS_PersonUpdate_ADSAccount script assign a state to an employee even though the Active Directory user account does not have one.

35101

The vrtparentDN property of Active Directory objects is formatted incorrectly if the distinguished name of the parent object contains a slash (/).

35458

Some properties of Microsoft Exchange objects, such as limits, do not distinguish between the 0 and the unlimited setting. By resolving this issue, the value -1 is interpreted as unlimited.

A patch for synchronization projects with patch ID VPR#35343_EX0 is provided.

35343

Retrieving a password from One Identity Safeguard fails with an error message.

35429

Error loading objects from a cloud application using the SCIM connector.

34999

Objects that were ignored during synchronization because there were still processes for them in the Job queue, are still not processed during subsequent synchronization with revision filtering.

35049

If synchronization runs for several days but the time specified in the DPR | Journal | LifeTime configuration parameter is shorter, the synchronization log for the current synchronization is deleted. The synchronization quits with an error.

35135

Error synchronizing if a custom processing method runs in a synchronizations step.

35264

Unknown schema types are not displayed in the single object view of the Domino connector's target system browser.

35001

If a Notes group is renamed, the wrong name is written to the AdminP request document.

35021

Data type error reading very large amounts of data with the Domino connector.

35268

If a fixed parameter is passed to a function in a SAP schema extension file, the result list is not restricted to the parameter value.

34948

Missing synchronization user permissions for synchronizing with a SAP S/4HANA 2.0 environment.

34967

Missing permissions on the SAPUserMandant table in the password reset portal.

34986

The SAPUser.Pname column's template is only run for new objects.

35083

Locking an SAPUser of a CUA leads to a template inconsistency for SAPUser.U_Flag

When locking an SAP user account in a central user administration, an incorrect value is set for the lock flag (SAPUser.U_Flag).

35156

Performance issues in DBQueue Processor when processing enterprise resource assignments for employees associated with SAP user accounts.

35223

TempUserPassword is not encrypted on the OverrideVariables parameter in the SAP_SAPUser_Insert and SAP_SAPUser_Update processes.

35307

Scrolling back in the System Connection Wizard for the Windows PowerShell connector mixes up settings that have already been entered.

35129

Error message opening a custom target system group in the Manager web application.

35187

In the Manager web application, columns of a schema extension for a customer target system do not display the alternative column caption.

35284

It is possible to assigned account definitions to user accounts that are marked as outstanding. In certain circumstances, there is an attempt to create another user account.

After solving this issue, appropriate messages are written to the log and the process could change to the frozen status. Rework the user account in the target system synchronization and run the whole process again.

35346

In the Synchronization Editor, tables are suggested for compression, that cannot be compressed.

35397

The CSV connector does not convert the DateTime value to UTC.

33676

Error displaying One Identity Manager objects in the target system browser when connecting to the One Identity Manager database using the RemoteConnectPlugin.

35441

Syntax errors importing One Identity Manager BAPI transports.

A new BAPI transport is provided (SAPBusinesspartnerProxies.zip), which contains the functions defined in the /VIAENET/HELPER package. The transport is only required if a SAP S/4HANA system is connected and business partner data associated with SAP user accounts is mapped.

34976

Table 8: Identity and Access Governance

Resolved issue

Issue ID

In certain circumstances, when an Active Directory group is assigned to a shelf, several product nodes are created.

34552

In an approval level with multiple approval steps, if one of the steps is escalated, the attestation history sometimes shows the wrong approval step as escalated.

34570

When renewing or unsubscribing a request with a limited validity period, the time to unsubscribe a product is not correctly determined in UTC time.

34619

Employees who have delegated approval of attestation cases to another person are still informed that attestation cases are available for approval.

34695

In certain circumstances, the object key of a cart item (ShoppingCartItem.ObjectKeyOrdered) is not filled correctly.

34801

It is not possible to select a role (ObjectKeyOfAssignedOrg) in approval steps of custom approvals.

34805

If several products for which request exist are moved to another shelf, some requests are canceled even though Retain service item assignment on relocation is set for all service items.

34914

Memberships in business roles can be requested even if the associated service item is marked as not requestable.

34934

The Analyzer does not recognize the ApplicationStart_Analyzer function.

34935

Automatic approvals through ReuseDecision may get stuck in an endless loop.

35003

Write error in the IT Shop - approval by mail and Attestation - approval by mail mail templates.

35029

Performance problems recalculating customer nodes in the IT Shop.

35117, 35302, 35357

For assignment orders, the object key of the assignment is not determined if the object key of the requested product does not exist.

35121

Performance issues calculating company policies if a large number of objects are affected.

35139

The Objectkey references to non existing object consistency check identifies request items of assignment request as incorrect.

35143

Error creating a report for an attestation object in the attestation case if the attestation object has a lot of recursively accessible, dependent objects.

35254

The Overview with roles and user accounts (incl.history) report is incomplete.

35366

In certain circumstances, if an approval step is automatically denied due to a timeout, the subsequent approval step is not run.

35440, 35454

When recalculating SAP role assignments to user accounts, the valid until date is incorrectly calculated if the assignment was created by an assignment request and the requester was deleted.

35434

See also:

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating