Chat now with support
Chat with Support

Identity Manager On Demand Hosted - Release Notes

Release Notes

One Identity Manager 8.2.1

Release Notes

29 April 2022, 10:34

These release notes provide information about the One Identity Manager release, version 8.2.1. You will find all the modifications since One Identity Manager version 8.2 listed here.

One Identity Manager 8.2.1 is a patch release with new functionality and improved behavior. See New features and Enhancements.

If you are updating a One Identity Manager version older than One Identity Manager 8.2, read the release notes from the previous versions as well. You will find the release notes and the release notes about the additional modules based on One Identity Manager technology under One Identity Manager Support.

One Identity Manager documentation is available in both English and German. The following documents are only available in English:

  • One Identity Manager Password Capture Agent Administration Guide

  • One Identity Manager LDAP Connector for CA Top Secret Reference Guide

  • One Identity Manager LDAP Connector for IBM RACF Reference Guide

  • One Identity Manager LDAP Connector for IBM AS/400 Reference Guide

  • One Identity Manager LDAP Connector for CA ACF2 Reference Guide

  • One Identity Manager REST API Reference Guide

  • One Identity Manager Web Runtime Documentation

  • One Identity Manager Object Layer Documentation

  • One Identity Manager Composition API Object Model Documentation

  • One Identity Manager Secure Password Extension Administration Guide

For the most recent version of the product information, see the One Identity Manager documentation.


About One Identity Manager 8.2.1

One Identity Manager simplifies the process of managing user identities, access permissions and security policies. It gives control over identity management and access decisions to your organization, freeing up the IT team to focus on their core competence.

With this product, you can:

  • Implement group management using self-service and attestation for Active Directory with the One Identity Manager Active Directory Edition

  • Realize Access Governance demands cross-platform within your entire concern with One Identity Manager

Each one of these scenario specific products is based on an automation-optimized architecture that addresses major identity and access management challenges at a fraction of the complexity, time, or expense of "traditional" solutions.

One Identity Starling

Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. Giving your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make available new products and features to One Identity Starling. For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit

New features

New features in One Identity Manager 8.2.1:

  • Processing of the internal DBQueue Processor requests can be carried out by a service, the Database Agent Service. The Database Agent Service is deployed by a One Identity Manager Service plugin. The DatabaseAgentPlugin must be configured on the Job server that serves as the update server. An administrative user must be used for the database connection in the Job provider. Alternatively, the Database Agent Service can be run by the DatabaseAgent.exe command line program.

    If you use the Configuration Wizard to install or update the database, you can select whether to use the Database Agent Service or the SQL Server Agent for processing internal tasks in the database. The system configuration overview shows you which Agent is in use.

    IMPORTANT: This is an EXPERIMENTAL function. The performance impact on production systems has not been determined. Therefore this feature is not yet covered by support. However, you are welcome to try it (preferably in non-production systems) and if you have any feedback, send it to

  • Querying secrets in process step parameters is supported. Syntax: &SECRET(Name)&

    In the One Identity Manager Service configuration, secrets that are allowed to be used as replacements are given in the SecretsAllowList parameter. The SecretsFolder parameter specifies the directory where the secrets files are located.

  • Querying environment variable in process step parameters is supported. Syntax: &ENV(variable name)&

  • In the One Identity Manager Service configuration, HTTP headers for the status page can be configured in the HTTPHeaders parameter.

  • The command line program DBConsCheckCmd.exe is deployed for running consistency checks.

  • To stop properties from being edited, users require the Allows a change lock to be set for specified properties of individual objects program function (Common_AllowPropertyLocks).

    If certain users are supposed to be able to lock properties for editing, you can assign the permissions to the users through permissions groups. The QBM_PropertyLock permissions group is provided for non-role based login. For role-based logon, the Basic Roles | Lock single properties application role is provided.

Web applications
  • Changed the heuristics for detecting the time zone to use browser standards.

  • Added a code sample that shows how to integrate a multi-factor authentication provider for session authentication.

  • It is now possible to upload and host custom versions of standard HTML applications (for example, the Web Portal).

  • For HTML applications, it is possible to convert local changes to global changes using a configuration in the Administration Portal.

  • In the Administration Portal you can define your own logo for the Web Portal.

  • In the Password Reset Portal, it is now possible to register as a new user or create a new user account.

  • In the Operations Support Web Portal, it is now possible to display the number of processes per queue in a table as well as in a diagram.

  • Provisioning processes can be handled manually in the Operations Support Web Portal.

  • It is now possible to display additional columns and information in tables in the Web Portal (configurable in the Administration Portal).

  • Dynamic roles for memberships can be configured in the Web Portal.

  • In the Web Portal, it is now possible to manage request templates and use them for requests. You can create your own request templates.

  • In the Web Portal, owners can be assigned to devices. It is possible to claim ownerships of devices.

  • In the Web Portal, it is now possible to create new identities.

  • The history of an identity can be displayed in the Web Portal.

  • In the Web Portal, it is now possible to display rule violations and grant or deny exceptions.

  • The Web Portal can now display compliance rules.

  • In the Web Portal, it is now possible to request new SharePoint groups.

  • In the Web Portal, reports can now be managed (created, edited, deleted).

  • New functions in the Web Portal for locations, departments, cost centers, application roles, business roles, and system roles.

    • Rule violations can be displayed for locations, departments, cost centers, application roles, business roles, and system roles.

    • Departments, locations, cost centers, business roles, system roles can be split in the Web Portal.

    • It is possible to compare departments, locations, cost centers, business roles, and system roles.

  • The Web Portal shows which entitlements are lost if an attestation case is denied.

  • In the Web Portal, it is now possible to escalate attestation cases and request approvals.

  • In the Web Portal, pending requests that must be approved by others can be displayed on a tile on the home page.

  • In the Web Portal, it is now possible to delete the complete saved for later list.

Target system connection
  • Support for One Identity Active Roles version 7.5.

  • The Microsoft Exchange connector has read and write access to the attribute extensions (CustomAttibute 1 to CustomAttibute 15) for mailboxes, mail users, mail contacts, distribution groups, and dynamic distribution groups. To use the functionality, alter the mapping.

  • It is possible to prioritize data if the connector detects conflicts between database and target system when synchronizing with the One Identity Manager database.

  • If One Identity Safeguard is used for password management, sample scripts can now be used.

  • In the Synchronization Editor code snippets are provided that you can use as templates for reading a system user's password from an external password management system. These code snippets can be utilized when One Identity Safeguard is implemented for password management. The code snippets can be selected and customized when creating script variables.

  • The Azure Active Directory connector can load the creationType schema property of the User schema type. To use the functionality, alter the mapping.

Identity and Access Governance
  • Request and attestation case approvals using Starling Cloud Assistant.

    Adaptive cards can be used to allow approvers and attestors who temporarily do not have access to their One Identity Manager tools to approve requests and attest cases. Starling Cloud Assistant transfers the adaptive cards to the approvers and attestors, waits for their response, and sends the response to One Identity Manager. In Starling Cloud Assistant, transmission channels are configured and can be set separately for each recipient. Currently, Slack, or Microsoft Teams can be used.

    For adaptive card approvals and attestations, the approval steps, service items, or service categories specify whether a reason must be provided with the approval.

    Adaptive cards replace the Starling 2FA app approval. There is still support in the Starling 2FA app in version 8.2.1 for request approvals, but it is not enabled. The Starling 2FA app will be completely removed with the next One Identity Manager release. For more information, see Deprecated features.

  • Certification of new business roles, organizations, and application roles.

    The attestation functionality allows the main data of business roles, organizations, and application roles newly created in One Identity Manager to be attested and certified by its managers. The initial certification status is set by the QER | Attestation | <...> | InitialApprovalState configuration parameters. For roles with the New certification status, attestation is started and the certification status is updated according to the result.

See also:


The following is a list of enhancements implemented in One Identity Manager 8.2.1.

Table 1: General


Issue ID

The Can unsubscribe option (DialogRichMail.AllowUnsubscribe) can be customized for default templates.


In the Job Queue Info, improved display of the change information for the CausingEntityPatch parameter. This parameter contains the patch that contains the changes to be provisioned.


In the Job Queue Info, if an error occurs when the status is queried it is now shown. A detailed error message is displayed in the context menu.


The documentation can now be displayed in the Launchpad.


Improved permissions for the QBM_BaseRight permissions group.


The information about public holidays has been updated.


Altered bit positions of an assignment origin (XOrigin column) for assignment tables. The bit position 2 for assignments through a dynamic role has been removed.

35193, 35203, 35206

Kerberos support for HTTP authentication on the Job server.


Improved performance of bulk processing DBQueue Processor tasks with large amounts of data.


Improved performance when runtime plans are recompiled for the DBQueue Processor.

34803, 34813

Improved security settings for documentation.


Improved testing to prevent blind SQL injections.


Improved security for logging login attempts.


The third-party component DevExpress has been updated.


For security reasons, the HTML front-end of the application server can be disabled. To do this, add the following entry to the configuration file in the <server> section.

<!-- Do not provide the HTML/JS frontend -->

<add key="nofrontend" value="true" />

This also means that the API documentation in the application server, including the test options, is no longer available.


For security reasons, the HTML front-end of the One Identity Manager Service can be disabled. To do this, enter the IP address of the Localhost ( in the HTTP server IP address parameter.


The application server displays a 406 Not Acceptable error message if the requested content type is not supported.


The QER | Person | PasswordResetAuthenticator | SearchColumn configuration parameter has been extended so it is now possible to specify multiple columns. The columns can be delimited with a pipe (|).


Table 2: Web applications


Issue ID

The Web Portal checks whether compliance rules can be violated by requesting an assignment to business roles or organizations, even if no employee is directly affected. This check can now be disabled.


In the Operations Support Web Portal, the display of processes and filtering options has been improved.


Applications can now be deleted in the Web Portal.


The Web Portal displays details of products such as keywords, description, permission type, and inherited permissions.


In the Web Portal, it is now possible to view reports directly in the browser.


The Web Portal now displays compliance violations in the request history.


The Web Portal now makes it possible to add additional reports, account definitions, and disabled Azure Active Directory service plans to a shop's shelf.


Requesting for other identities in the Web Portal has been revised.

294912, 30104

The Web Portal can filter user accounts and system entitlements by target system and container.


The Web Portal displays rule violations for attestation cases.


The Web Portal now makes it possible to view additional information such as memberships, rule violations, reports, and assignment analysis.


Improved Web Portal performance.


The contents of the Attestation of my permissions tile on the Web Designer Web Portals home page have been improved.


In the Web Designer Web Portal, no more empty directories are displayed in the main data of roles.


Applications must now authenticate themselves with a special key (Trusted Source Key). During the initial installation, the trusted source key is configured automatically.

After upgrading the One Identity Manager to version 8.2.1, you must actively configure the trusted source key.

To configure the trusted source key

  1. On the server where the web application is installed, open a command line utility with administrator privileges.

  2. Change to a directory with installed One Identity Manager development tools.

  3. Call the following command:

    imxclient edit-config /path <web.config file path> -T

    (for example imxclient edit-config /path c:\inetpub\wwroot\apiserver\web.config -T)


    imxclient edit-config /path <web.config file path> /trustedsourcekey <Key>


In the Administration Portal, you can now configure whether only products that have already been requested within the peer group are displayed when a request is made through a peer group.


In the Administration Portal, the use of the Auth Token can now be disabled in the configuration.

301952, 35271

Security for StsSetup has been increased.


The RSTS was updated to version 2022-03-30.1.


Transfer of log entries from the web client to the server can now be disabled. To do this, add the following entry to the web.config file under <appSettings>:

<add key="DisableClientLog" value="true" />


Table 3: Target system connection


Issue ID

The time the synchronization finished is recorded in the synchronization log.


The password of the synchronization user for synchronizing Oracle E-Business Suite is stored as a variable and can be encrypted separately on an encrypted database.

A patch with the patch ID VPR#34775 is available for synchronization projects.


A list of SAP user accounts that cannot be edited in One Identity Manager has been added to the One Identity Manager Administration Guide for Connecting to SAP R/3.


Improved support for synchronizing child systems of a CUA that are not in the same SAP system as the central system.

A patch for synchronization projects with patch ID VPR#35118 is provided.

Improved support for dynamic groups in Azure Active Directory. 34777

Improved mapping of the recipient type of an Exchange Online mail user.

A patch for synchronization projects with patch ID VPR#34938 is provided.


The Active Roles connector can use the One Identity Manager Service's user account to log in on the target system. To do this, the Use current credentials (current user/service account) option is ensbled on the Credentials page in the project wizard.


Improved support for the Microsoft Exchange mailbox permissions Send As and Full Access.

A patch for synchronization projects with patch ID VPR#21073_2 is provided.


Improved email address uniqueness checking for remote mailboxes.


On the overview forms of LDAP user accounts, LDAP groups, and LDAP computers, the domain is also displayed.


When automatically requesting Exchange Online mail-enabled distribution groups, the members of a group of administrators are now also used as product owners.


When deleting Exchange Online mail-enabled distribution groups and Office 365 groups, as well as when deleting group memberships, the associated Azure Active Directory objects are also deleted.


Improved object search in the target system during provisioning.


The Synchronization Editor can display additional information about the connected target system.


New synchronization projects cannot be set up nor system connections created for connectors marked as obsolete.


System objects in system connectors now use less base memory.


Improvements in the dialog for editing schema properties in the Synchronization Editor.


The DPR_Migrate_Shell process has been given a higher priority to complete before any synchronization or provisioning processes start.


Error provisioning a Google Workspace environment are caught when changing assignments of products and SKUs to user accounts, changing only the license but leaving the product identical.


Support for SAP S/4HANA also with SAP BASIS version 7.53.


Improved documentation of the permissions required for synchronizing with Oracle E-Business Suite.


When using the /VIAENET/READTABLE function module, the table access permissions can now also be defined using the S_TABU_NAM or S_TABU_DIS authorization objects. These are tested equally.


Table 4: Identity and Access Governance


Issue ID

Improved performance in determining the origin of employees' entitlements.


Request parameters are archived when deleting completed request procedures.


Improved presentation of attestation guidelines' main data.


If it takes longer than 48 hours to generate new attestation cases, the process is canceled. The timeout for generating attestation cases can be set in the QER | Attestation | PrepareAttestationTimeout configuration parameter.


Improved documentation for suspending attestations, for example, by disabling attestation policies.


Samples can now only be processed in the Attestation category in the Manager.


Improved display of request property and request parameter assignments to service items and service categories in the Manager.


The Manager displays potential rule violations better on user interface forms. The form element for assignments that can potentially lead to rule violations has been renamed.


After importing HR data, templates are run on various Person table columns only if the data was not changed by the import.


Improved Missing default entries in QERRiskIndex consistency check.


For the PersonHasQERResource table, assign by event (IsAssignmentWithEvent) is now enabled by default.


See also:

Resolved issues

The following is a list of solved problems in this version.

Table 5: General

Resolved issue

Issue ID

Performance issues checking unique groups when adding objects.


The One Identity Manager Service does not notice changes to the service account option for its system users (DialogUser.IsServiceAccount column).


Transfer from the DBQueue buffer (QBMDBQueuePond table) to the DBQueue fails because in-memory tables are too large.


In certain circumstances, an error occurs when calculating table statistics.


Repairing the search index on the application server might not work.


The One Identity Manager Service cannot be initialized if there are inconsistent processes in the Job queue.  By resolving this issue, inconsistent processes are recorded in the process history.


Error determining display values in simple list reports.


Error opening the process information in the Manager if the program is connected through the application server.


On the status page, the application server always shows the value -1 for the software revision.


In the Configuration Wizard, on the Configure vendor notification page, the Back button is active.


Error running multiple data archives simultaneously.

Error message: The instance of the SQL Server Database Engine cannot obtain a LOCK resource at this time. Rerun your statement when there are fewer active users.


Incorrect maximum degree of parallelism (DB) value in the system configuration overview.


If the DialogDatabase.ConnectionString column is labeled with the Blob (external) (isBlobExternal = 1) option, generating any process fails.

Error message: Value ConnectionString was not found.


If an SQL Server with version 2019 is used, the basic settings for the database are not enabled.


Performance issues calculating the sort order of DBQueue Processor tasks.


If the processing state of a process step is updated, the modification date is not adjusted.


Performance issues using the overload protection mechanism during bulk processing of DBQueue Processor tasks.


Performance issues calculating a very large number of group memberships.


Process history entries are deleted or moved to History Database too early.


The object key (XObjectKey column) for the Canton time zone is incorrect.


During migration, bitmasks of custom columns are not transferred to the QBMColumnBitMaskConfig table.


Parameters without values are ignored when generating processes.


Error saving deferred operations when the data contains line breaks.


Importing files with placeholders in subdirectories does not work in the SoftwareLoaderCMD.exe command line program.


When importing data using an import script in Data Import, dates and times may be changed.


Migration to version 8.2 fails if a lot of UIDs have been changed.

35336, 35030

Enabling the Log changes (IsToWatch column) option on a timestamp column causes the generation of *Watch triggers to fail.


The VI.Projector.ScriptSupport.dll file is not installed on the Job server.


Saving a dependent object in the OnSaved script causes an error.


In certain circumstances, the wrong translation is displayed for a value.


Error encrypting a database when the password in a target system connection contains double quotes.


Table 6: Web applications

Resolved issue

Issue ID

Certain special characters in the database password cause issues when installing the Web Designer Web Portal.


In the Web Designer Web Portal, you cannot use a date in the filter wizard.


The counter for filtered results is inaccurate if the results go over several pages. Paging is no longer available after filtering.


The labels for the grouping columns and properties of attestation cases are not displayed correctly in the Web Designer Web Portal on the My Attestation Status page.


In the Web Designer, the Maximum file size property cannot be used for components that are to upload files.


In the Web Designer Web Portal, the department IDs are displayed in the menu instead of department names.


In the Web Designer Web Portal, an error occurs when editing a page's layout settings.


Custom files are stored in the wrong directory when an API Server is installed.


In the Web Designer Web Portal, you cannot select any objects in the address book's filter wizard.


In the Web Designer Web Portal and the Web Portal it is not possible to search for products/service items with a colon in the name.

35100, 35309

In the Web Portal, data is not correctly restricted following a previous restriction. For example, after selecting a department, identities are displayed that do not belong to the selected department.


In the Web Designer Web Portal, manually entering a page number in tables does not switch to the given page, but generates an error instead.


When you create an Angular workspace in child folders, the HTML application can no longer be compiled.


In the English language Web Designer Web Portal and in the Web Portal the search for products/service items does not work correctly.


In the Web Designer Web Portal, under certain circumstances, an error occurs when displaying pending attestations.


Table 7: Target system connection

Resolved issue

Issue ID

Memberships of Azure Active Directory groups that are synchronized with the local Active Directory (column OnPremisesSyncEnabled=True) must not be provisioned.


In certain circumstances, the customizer for the AADUserInGroup table prevents a membership from being deleted. 34702

Error finding the user login name for Azure Active Directory user accounts in federations.

A patch for synchronization projects with patch ID VPR#34896 is provided.

In certain circumstances, synchronizing with Azure Active Directory causes memberships to be marked as outstanding. The next synchronization removes the marks. 35400

Incorrectly specified processing methods in the Calendar Processing and Mailbox Statistics synchronization steps in synchronization workflows for Exchange Online.

A patch for synchronization projects with patch ID VPR#35373 is provided.


Some properties of Exchange Online objects, such as limits, do not distinguish between the 0 and the unlimited setting. By resolving this issue, the value -1 is interpreted as unlimited.

A patch for synchronization projects with patch ID VPR#35343_O3E is provided.


Error provisioning SAP user accounts when a proxy is assigned to the user account.

Patches for synchronization projects with patch ID VPR#35370 and VPR#35370_CUA are provided.


Sporadic data errors in external schema extensions based on SAP tables. Data is mixed between the selected data sets.


The valid until date and the Excluded option on existing assignments of structural profiles to SAP user accounts cannot be changed.

Patches with the patch IDs VPR#35174_1 and VPR#35174_2 are available for synchronization projects.


Error provisioning the authOrig properties of the group schema class in Active Directory.


During synchronization of Active Directory user accounts, entries are created in the QBMServer table even though the TargetSystem | ADS | AutoCreateServers configuration parameter is not set.


The ADS_PersonUpdate_ADSAccount script assign a state to an employee even though the Active Directory user account does not have one.


The vrtparentDN property of Active Directory objects is formatted incorrectly if the distinguished name of the parent object contains a slash (/).


Some properties of Microsoft Exchange objects, such as limits, do not distinguish between the 0 and the unlimited setting. By resolving this issue, the value -1 is interpreted as unlimited.

A patch for synchronization projects with patch ID VPR#35343_EX0 is provided.


Retrieving a password from One Identity Safeguard fails with an error message.


Error loading objects from a cloud application using the SCIM connector.


Objects that were ignored during synchronization because there were still processes for them in the Job queue, are still not processed during subsequent synchronization with revision filtering.


If synchronization runs for several days but the time specified in the DPR | Journal | LifeTime configuration parameter is shorter, the synchronization log for the current synchronization is deleted. The synchronization quits with an error.


Error synchronizing if a custom processing method runs in a synchronizations step.


Unknown schema types are not displayed in the single object view of the Domino connector's target system browser.


If a Notes group is renamed, the wrong name is written to the AdminP request document.


Data type error reading very large amounts of data with the Domino connector.


If a fixed parameter is passed to a function in a SAP schema extension file, the result list is not restricted to the parameter value.


Missing synchronization user permissions for synchronizing with a SAP S/4HANA 2.0 environment.


Missing permissions on the SAPUserMandant table in the password reset portal.


The SAPUser.Pname column's template is only run for new objects.


Locking an SAPUser of a CUA leads to a template inconsistency for SAPUser.U_Flag

When locking an SAP user account in a central user administration, an incorrect value is set for the lock flag (SAPUser.U_Flag).


Performance issues in DBQueue Processor when processing enterprise resource assignments for employees associated with SAP user accounts.


TempUserPassword is not encrypted on the OverrideVariables parameter in the SAP_SAPUser_Insert and SAP_SAPUser_Update processes.


Scrolling back in the System Connection Wizard for the Windows PowerShell connector mixes up settings that have already been entered.


Error message opening a custom target system group in the Manager web application.


In the Manager web application, columns of a schema extension for a customer target system do not display the alternative column caption.


It is possible to assigned account definitions to user accounts that are marked as outstanding. In certain circumstances, there is an attempt to create another user account.

After solving this issue, appropriate messages are written to the log and the process could change to the frozen status. Rework the user account in the target system synchronization and run the whole process again.


In the Synchronization Editor, tables are suggested for compression, that cannot be compressed.


The CSV connector does not convert the DateTime value to UTC.


Error displaying One Identity Manager objects in the target system browser when connecting to the One Identity Manager database using the RemoteConnectPlugin.


Syntax errors importing One Identity Manager BAPI transports.

A new BAPI transport is provided (, which contains the functions defined in the /VIAENET/HELPER package. The transport is only required if a SAP S/4HANA system is connected and business partner data associated with SAP user accounts is mapped.


Table 8: Identity and Access Governance

Resolved issue

Issue ID

In certain circumstances, when an Active Directory group is assigned to a shelf, several product nodes are created.


In an approval level with multiple approval steps, if one of the steps is escalated, the attestation history sometimes shows the wrong approval step as escalated.


When renewing or unsubscribing a request with a limited validity period, the time to unsubscribe a product is not correctly determined in UTC time.


Employees who have delegated approval of attestation cases to another person are still informed that attestation cases are available for approval.


In certain circumstances, the object key of a cart item (ShoppingCartItem.ObjectKeyOrdered) is not filled correctly.


It is not possible to select a role (ObjectKeyOfAssignedOrg) in approval steps of custom approvals.


If several products for which request exist are moved to another shelf, some requests are canceled even though Retain service item assignment on relocation is set for all service items.


Memberships in business roles can be requested even if the associated service item is marked as not requestable.


The Analyzer does not recognize the ApplicationStart_Analyzer function.


Automatic approvals through ReuseDecision may get stuck in an endless loop.


Write error in the IT Shop - approval by mail and Attestation - approval by mail mail templates.


Performance problems recalculating customer nodes in the IT Shop.

35117, 35302, 35357

For assignment orders, the object key of the assignment is not determined if the object key of the requested product does not exist.


Performance issues calculating company policies if a large number of objects are affected.


The Objectkey references to non existing object consistency check identifies request items of assignment request as incorrect.


Error creating a report for an attestation object in the attestation case if the attestation object has a lot of recursively accessible, dependent objects.


The Overview with roles and user accounts (incl.history) report is incomplete.


In certain circumstances, if an approval step is automatically denied due to a timeout, the subsequent approval step is not run.

35440, 35454

When recalculating SAP role assignments to user accounts, the valid until date is incorrectly calculated if the assignment was created by an assignment request and the requester was deleted.


See also:

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating