Chat now with support
Chat with Support

Identity Manager 8.1.2 - Release Notes

Release Notes

One Identity Manager 8.1.2

Release Notes

February 2020

These release notes provide information about the One Identity Manager release, version 8.1.2. You will find all the modifications since One Identity Manager version 8.1.1 listed here.

One Identity Manager 8.1.2 is a patch release with new functionality and better behavior. See New features and Enhancements.

If you are updating a One Identity Manager version older than One Identity Manager 8.1.1, read the release notes from the previous versions as well. You will find the release notes and the release notes about the additional modules based on One Identity Manager technology under One Identity Manager Support.

One Identity Manager documentation is available in both English and German. The following documents are only available in English:

  • One Identity Manager Password Capture Agent Administration Guide

  • One Identity Manager LDAP Connector for CA Top Secret Reference Guide

  • One Identity Manager LDAP Connector for IBM RACF Reference Guide

  • One Identity Manager LDAP Connector for IBM AS/400 Reference Guide

  • One Identity Manager LDAP Connector for CA ACF2 Reference Guide

  • One Identity Manager REST API Reference Guide

  • One Identity Manager Web Runtime Documentation

  • One Identity Manager Object Layer Documentation

  • One Identity Manager Composition API Object Model Documentation

  • One Identity Manager Secure Password Extension Administration Guide


About One Identity Manager 8.1.2

One Identity Manager simplifies the process of managing user identities, access permissions and security policies. It gives control over identity management and access decisions to your organization, freeing up the IT team to focus on their core competence.

With this product, you can:

  • Implement group management using self-service and attestation for Active Directory with the One Identity Manager Active Directory Edition
  • Realize Access Governance demands cross-platform within your entire concern with One Identity Manager

Each one of these scenario specific products is based on an automation-optimized architecture that addresses major identity and access management challenges at a fraction of the complexity, time, or expense of "traditional" solutions.

Starling Cloud Join

Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. Giving your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make available new products and features to our Starling Cloud platform. For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit

New features

New features in One Identity Manager 8.1.2:

Basic functionality
  • Support for SQL Server 2019 with the compatibility level for databases SQL Server 2016 (130).

  • As from One Identity Manager version 8.1.2, a new method is available for updating customer databases faster. This method is only implemented for updating the schema in the context of service packs. For initial schema installation and updating the schema to a new main version, the conventional method is still used.

    NOTE: This method is applied to schema updates as from One Identity Manager version 8.1.2 assuming version 8.1.1 is installed. Updating of older One Identity Manager versions to version 8.1.2 uses the conventional method.

  • Support for custom staging levels for the One Identity Manager database. This information is shown in the status bar of the programs in the database connection tooltip and in the installation overview in the Launchpad.

Web applications
  • In the Web Portal, you can display and request products that other people from your vicinity have already requested. As a manager, you can also see products from your team’s peer groups.

  • In the Web Portal, you can specify how dates and numbers are formatted. You can configure this in the My Profile | Contact Data | Language for value formatting field.

  • You can configure the Password Reset Portal such that you can log in using user accounts other than the central user account with help of password questions or a passcode (for example, with the name of the Active Directory user account). Use the QER | Person | PasswordResetAuthenticator | DisabledBy, QER | Person | PasswordResetAuthenticator | EnabledBy, QER | Person | PasswordResetAuthenticator | SearchColumn, and QER | Person | PasswordResetAuthenticator | SearchTable configuration parameters to configure this. For more detailed information, see the One Identity Manager Web Application Configuration Guide.

Target system connection
  • One Identity Safeguard Version 2.8, Version 2.9, Version 2.10, and Version 2.11. are supported.

  • Microsoft Exchange 2013 with cumulative update 23 is supported.

  • TECH PREVIEW ONLY: A new LDAP connector LDAP Connector (Version 2 - Tech Preview) is available. Project templates are made available for OpenDJ, Active Directory Lightweight Directory Services (AD LDS), and Oracle Directory Server Enterprise Edition (DSEE) as well as a generic project template. The connector can be tested in a test environment. You must definitely not use the connector in a live environment.

Identity and Access Governance
  • Use the QER | Person | UseCentralPassword | CheckAllPolicies configuration parameter to specify if an employee’s central password is checked against all the target system’s password policies of the employee’s user accounts. Checking is only carried out in the Password Reset Portal.

  • Approvers that are registered for Starling Two-Factor Authentication, can also use the Starling 2FA app for approvals. This option is available if you use Starling Cloud for multi-factor authentication. Use the QER | Person | Starling | UseApprovalAnywhere and QER | Person | Starling | UseApprovalAnywhere | SecondsToExpire configuration parameters to configure the required behavior.

  • Support for peer group analysis for attestation.

    There is a new PeergroupAnalysis event for the AttestationCase table that you can link into the approval workflow with an EX step. In this approval step, whether the attestation case is automatically granted or denied approval depends on a peer group analysis of the employee connected to the attestation object. The peer group analysis is determined through the manager or department of the employee connected to the attestation object.

    To configure peer group analysis for attestation, use the QER | Attestation | PeerGroupAnalysis configuration parameter and its subparameters.

See also:


The following is a list of enhancements implemented in One Identity Manager 8.1.2.

Table 1: General


Issue ID

Improved performance transferring deleted Job queue entries to the process history.

31103, 32402

Improved performance of DBQueue Processor tasks for shrinking records from process monitoring and the process history.


Improved performance processing DBQueue Processor tasks with large amounts of data.


Improved performance processing DBQueue Processor tasks during synchronization. To prevent possible blocking of DBQueue Processor task processing during synchronization, a DBQueue buffer (QBMDBQueuePond table) is implemented. The time period for deferring remaining entries is defined in the QBM | DBQueue | BufferTimeout configuration parameter (default 120 minutes).

32525, 32577

Improved performance deleting objects including all their dependencies.


Improved performance executing deferred operation with large amounts of data.


Improved performance updating current UTC offsets of all timezones.


Columns that need to be in a defined display pattern in the table are given implicit viewing permissions.


Improved compilation of HTML applications in the Configuration Wizard.


Improved documentation for applying scripts about conditional displaying and editing of columns. For more detailed information, see the One Identity Manager Configuration Guide.


Improved how to determine the current version of the database server to display in the system configuration report.


Improved accessing the One Identity Manager History Database when connected through an application server.

When you install an application server, you can enter the connection data to one or more One Identity Manager History Databases. You can also enter an One Identity Manager History Database‘s connection data at a later date. To do this, change the application server’s configuration file (web.config).

For detailed information, see the One Identity Manager Installation Guide and the One Identity Manager Operational Guide.


New consistency checks test whether or not there is a deferred operation that has already been triggered but does not have a process in the Job queue.


Improved the Objectkey references to non existing object and Objectkey references to non existing object (tolerated) consistency checks.

31898, 32197, 32333

You can specify a priority for registering a customizer method. If serveral methods of the same name are found, the method with the highest priority is selected. Therefore, methods from other customizers can be overwritten, if permitted.


The Fallback connection option (QBMConnectionInfo.IsFallBackAppServer) for the process generation connection data can only be enabled for one application server.


Improved identification of expiring sessions on the application server.


Improved reestablishing connections to the application server.


Improved protection against damaging SQL statements.

31768, 32102, 32285

Improved error messages when transporting changes if an error occurs while implementing them in the target database.


New MergeAction parameter in the DBTransporterCMD.exe command line program for handling merge conflicts during a transport.


The ScriptComponent process component has two new process functions available to it, ScriptExecExclusive and ScriptExecExclusive32, for executing scripts exclusively for one object.


Improved accessibility in the Manager.


Improved how permitted and not permitted character classes for password policies are displayed on forms in the Manager and the Designer.


Improved how translations are displayed in the Edit translation dialog.


Table 2: General web applications


Issue ID

Improved security for dealing with column filters in the Web Portal.


Improved performance making approval decisions for request and attestations in the Web Portal.


Improved performance of certain database queries in the Web Portal.


Removed checkbox in front of the date field in the Web Portal. If you do not want a time restriction, do not enter anything in the field.


When an API is compiled, it is tested to see if a ConfigureAwait(false) method has been used for each await keyword. This ensures that asynchronous code is applied correctly.


Webauthn security keys: The RSTS version has been updated to version 2019.11.22.0. You can prevent the X-Frame-Options HTTP response header from being returned by setting the DisableAddingXFrameOptionsHeader configuration setting to true.


Improved performance of grid controls. Less database queries are generated.


The Web Portal monitor page has been reworked and now shows better information.


Improved performance of database-bound grids.


In the Web Portal, the system role’s Hyper View has been reworked.


On the Web Portal's start page, assignment resources, multi-requestable/unsubscribable resources, and resources are now visible in the My Responsibilities tile.


Improved performance displaying requestable products in the Web Portal.


Improved performance requesting products in the Web Portal.


Table 3: Target system connection


Issue ID

Only relevant project templates are offered in the project wizard.


Synchronization of objects with incorrect object properties can be allowed if necessary.


Improved performance synchronizing Microsoft Exchange recipient lists.


The Oracle E-Business Suite connector recognizes on its own, which Oracle Database Editions are used in the target system.

A patch with the patch ID VPR#30464_1 is available for synchronization projects.


Improved performance provisioning assignments of Oracle E-Business Suite entitlements to user accounts.


During provisioning of G Suite user accounts, user accounts are prevented from being processed in parallel.


During provisioning of Notes objects, the latency is increased after the index is refreshed to be able to reload object properties without errors.


In the One Identity Safeguard connector, the version of the Windows PowerShell module in use is checked to see if it is supported and matches the appliance. If this is not the case, the connection is closed with an appropriate error message.


Support for Telnet session request for PAM.


The SAP connector now uses SAP code pages 6100, 6200, and 6500.


Accelerated synchronization of personnel planning data from an SAP HCM system.

A patch with the patch ID VPR#32154 is available for synchronization projects.


New USOBHASH schema type in the SAP connector schema to load permissions from the USOBHASH table in SAP R/3.


The SCIM connector now allows parallel access 10 times max. to load single objects during synchronization.


Improved performance using the SCIM connector for synchronization.


The CSV connector now takes language settings into account when reading and writing.


Table 4: Identity and Access Governance


Issue ID

When a passcode is created, it is logged in the system journal.


Business roles that are used in assignments resources cannot be deleted anymore.


Improved performance calculating QER_FTPWOVisibleForPerson.

32045, 32334

The Retain service item assignment on relocation option can now be set on default service items.


See also:

Resolved issues

The following is a list of solved problems in this version.

Table 5: General known issues
Resolved issue Issue ID

The following error occurs while the One Identity Manager database is updating from version 7.0.x, 7.1.x, or 8.0.x to version 8.1.1:

Database error 41337: Cannot create memory optimized tables. To create memory optimized tables, the database must have a MEMORY_OPTIMIZED_FILEGROUP that is online and has at least one container.


The schema update fails on QBM_PIndexDropRedundant if there are indexes with a lot of columns.


In the Configuration Wizard, changing to a new login for an administrative user when installing a One Identity Manager database does not work correctly. This happens if the database connection was established with Windows authentication.


In the Configuration Wizard, an error occurs selecting the directory for database files in the file browser if an installation user with granular permissions is used and the files are not stored in the database server’s default directories.

For more information about the required authorizations, see the One Identity Manager Installation Guide.


Custom files are deleted during update installation of local assemblies.


Backup files are sometimes generated in the wrong directory during an One Identity Manager update.


Web application assemblies are not completely deleted during compilation.


Errors when the RemoteConnectPlugin starts are not properly logged in the One Identity Manager Service.


Error querying if the SQL Server Agent is running on an Azure SQL Database.


In the search index, the change date is set even though a table is not indexed in a run.


On a server with AlwaysOn availability groups, if a One Identity Manager History Database is not in an AlwaysOn availability group, data is not transferred to the One Identity Manager History Database.


Error if the name of the connection server for transferring data to the One Identity Manager History Database contains special characters.


When a connection server is created, data transfer to a One Identity Manager History Database fails if the is_rpc_out_enabled option is not set.


Error describing the SPML test front-end configuration.


In certain circumstances, the compiler dialog box is not displayed when transporting change labels, even though compilation is required.


Importing the transport package sometimes does not complete.


If a process step fails, the execution status of the following process step is correctly set to False however subsequent steps retain the execution status Loaded. This means that no more process steps are handled for this process.


It is not possible to create schedules with a long interval because the start date is skipped.


If a script being executed over the Execute Script process task of the PowerShellComponent process component fails, passwords contained in the script are written out in the One Identity Manager Service's log.


Error adding objects to change labels.

32159, 32160

Errors in the SDK_IPasswordManager_CreatePassword and SDK_IPasswordManager_ValidatePassword scripts. The scripts determine password policies without a base object.


Changing an MVP column that is configured for logging changes, does not generate a recalculation task for Watch* trigger.


Blockages of the QBMDBQueueCurrent table cause performance problems during processing of certain DBQueue Processor tasks. In this context, there is a new consistence check called Custom defined Z-Procedure without corresponding R-Procedure.


In certain circumstances, post-processing are not generated.


In certain circumstances, an error occurs in the QBM_PDBQueueProcess_Del procedure.


The dialog for editing report master data in the Report Editor can be opened twice at the same time.


Internal temporary table for determining historical data for reports is created with the wrong sort order.


Identity providers (QBMIdentityProvider table) cannot be created in the Designer.

32209, 32431

Error opening the process plan editor if the Designer is running in quick edit mode.


The ResolveImportValueHashed function cannot handle dynamic foreign keys.


Error evaluating scripts about visibility (DialogColumn.CanSeeScript).


The QBM_PUserDetectByGroupList procedure removes too many permissions groups.

31601, 32068

During migration of One Identity Manager version 8.0.x to 8.1.x, the foreign key columns’ edit permissions are not cleared up if they come from custom permissions groups.

29031, 32270, 32352

Permissions missing during process simulation.


The DynamicGroup.Displayname column is too short.


Error passing the entity in the script (LineScriptName parameter) in the ScriptComponent process component’s CSVExport process task.



In the Schema Extension, permissions for database view are not tested correctly.


The Schema Extension wizard does not display all the error messages that occur when custom schema extensions are deleted.


Custom table of ReadOnly type are not generated correctly.


The _Old suffix causes errors during bulk updating of column names.


In the Manager, error loading historical data in the TimeTrace view.


An error occurs in a date field if the value larger than 31.12.9998 is entered.


In certain circumstances, objects in the Manager are opened as read-only.


Incorrect sorting of date values in the Manager if English (USA) is set as the language.


In the Filter Designer, searching with Ctrl + F does not work properly.


Inaccurate calculation of the memory required on a server.


In certain circumstances, table relations are incorrectly identified as errors in the consistency check.


In certain circumstances, entries in QBMElementAffectedByJob are not processed.


In the DBTransporterCMD.exe command line program, background processes are not correctly taken into account during testing to see if single user mode can be enabled.


In certain circumstances in the DBTransporterCMD.exe command line program, single user mode is not exited.


Insufficient references in certain scripts.


Table 6: General web applications

Resolved issue

Issue ID

In the Web Portal, you cannot delete bookmarks referencing objects that no longer exist. Now you can delete bookmarks in a tile on the Web Portal‘s start page.


In the Web Portal, on the employee history page, it is not possible to sort the table without setting a filter beforehand.


In the Web Portal, an error occurs if, within one session, a new subgroup is added to an Active Directory group and another subgroup is added under the first subgroup.


In the Web Portal, the Back button on the Pending attestations page only works if there are no attestations.


In the Web Portal, if you temporarily deactivate an employee, an error occurs if the current date is selected in Temporarily disabled until.


In the Web Portal, you can sort by columns with hidden content.


In certain circumstances in the Web Designer, an object is loaded without the mandatory column XObjectKey.


In the Web Designer, if the value of Minimum number of characters is set to less than 1025 characters in the copy or extension of a particular component (for example, VI_UNS_RequestNewGroup), then only a maximum of 1024 characters can be entered in this field in the Web Portal at a later date.


In the Web Portal, the Send a reminder mail dialog does not have a scroll bar.


In the Web Portal, an error occurs if a report is shown that requires input of a value for a parameter.


In certain circumstances in the Web Portal, filtering requesters in the request history causes an error.


In certain circumstances in the Web Portal, an approver of an attestation case cannot analyze the removal of permissions.


In certain circumstances, single sign-on does not work for the API Server.


In the Web Portal, displaying request queries takes a long time.


In the Web Portal, if a filter is applied to both the Request column and the Product column, the results do not correspond to the filters anymore and too many results are displayed.


In the Web Portal, the Pending requests page takes too long to show the pending requests.


In the Web Portal, if you search while system entitlements are displayed, an error occurs.


In the Web Portal, an error occurs while searching for products for a new request.


In the Web Portal, searching on the Auditing - Requests page does not return all the results.


When business roles are displayed in the Web Portal with Internet Explorer 11, the manager and deputy are missing.


If the Hardware configuration parameter is not set, no more requests can be made in the Web Portal.


In the Web Portal, displaying entitlements for staff, takes a long time.


In the Web Designer, if a logo is selected for the login screen, an error occurs.


In the Web Portal, an error occurs if several requests are selected and approved at the same time.


If the Web Portal login through OAuth 2.0/OpenID Connect fails, the browser hangs.


In the Password Reset Portal, the View settings | Select all option is not applied to all the lists shown.


In certain circumstances, the Web Portal shows unsaved changes to user data until the user logs in again.


In the Web Designer, an error occurs if a project is compiled that contains a combobox (node) that does go through any iterations.


In the Web Portal, selecting an employee for a new request can take a long time.


In the Web Designer, some Web SQL functions cannot be used in conditions in column lists.


In the Web Portal‘s mobile view, dialogs and their content as well as button texts are not completely displayed.

32379, 32386

In the Web Portal, the Disabled until field shows the wrong date in the employee’s master data.


In certain circumstances in the Web Portal, multi-select buttons (without any function) are sometimes displayed for pending attestation cases.


Use of the | character in the password of the SQL user who was used to install a web application causes and error.


In certain circumstances in the Web Portal, the shopping cart check shows incorrect results.


In the source of an export file created by the Web Portal, you can see a full path.


In the Web Portal, an error message wrongly displays an HTML tag when the shopping cart is being checked.


In the Web Portal, dependent applications are not sorted in the menu.


In certain circumstances in the Web Portal, an attestor does not have sufficient permissions to analyze the removal of permissions.


In the Manager web application, an error occurs selecting an assigned object on a system role’s overview form.


In the Manager web application, the icons in the menus are not shown correctly.


In the Manager web application, an error occurs displaying rule violations.


Table 7: Target system connection

Resolved issue

Issue ID

Synchronization projects cannot be opened after importing because dependencies are missing.


Error synchronizing if the value of a schema property for resolving keys contains more than one $ character. The connector handles this value as a variable.


In the synchronization log, objects that are marked as outstanding, are not logged.


Incorrect result if account definition assignments are deleted for an employee and then added again shortly afterward.


Error provisioning group memberships if there are schema properties that are not mapped in the mapping to be executed.


Provisioning processes are not generated if the mapping in use references a base map and the base map is not used in the provisioning workflow.


Error during synchronization: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.


When you close a synchronization project, the password for logging in to the target system is saved incorrectly if it contains the dollar ($) character.

32226, 32311

Objects with a combined primary key with a value of timestamp, cannot be reloaded.


If single provisioning of memberships is disabled, changes to memberships are not provisioned if a value comparison rule is used.


Special characters are not masked correctly in custom project templates.


Error during synchronization: The connection does not support MultipleActiveResultSets.


Error creating synchronization projects with the Synchronization Editor Command Line Interface if there is a special character in the connection parameter.


On the form for defining search criteria for employee assignment, the allocated base object’s UID is display instead of the user account’s UID. This happens if the display pattern for the user account table is made up of several columns.


If an error occurs loading the object list, the SCIM connector returns an empty list as successfully loaded. The error only occurs in One Identity Manager version 7.1.x and 8.0.x.


In certain circumstances, Active Directory objects are marked as outstanding or deleted during synchronization but the marker is immediately removed again.


On the form for assigning Active Directory groups to an Active Directory user account, groups are shown that are marked as only for use in the IT Shop.


When an Active Directory user account is added, it is possible to enter a different primary group to that of Domain Users.


If only upper and lower case changes in the display name of an Active Directory object, the change is not provisioned.


If a double s changes to sz (ß) changes in the display name of an Active Directory objects, the change is not provisioned.


The LDAP search filter for finding Active Directory objects is set up incorrectly. This means it finds too many objects. Only after the objects from all object classes have been loaded does the filter run again with the correct object classes, effectively recalculating the object list correctly. However because too many objects were loaded in the first place, synchronization takes longer.


If a container is deleted from an Active Directory user account, verification of the object properties fails after provisioning.

A patch with the patch ID VPR#32258 is available for synchronization projects.


The formatting script for ADSDomain.ADSDomainName causes an error.


Some assignment forms for Active Directory objects can be opened with multi-select.


Error provisioning Oracle E-Business Suite objects.


E-Business Suite request groups are not synchronized if the REQUEST_GROUP_ID is identical.

A patch with the patch ID VPR#32667 is available for synchronization projects.


The G Suite connector cannot load more than 1000 G Suite product and SKU assignments.


Error loading the Notes schema when setting up synchronization if there is a Notes group that apparently has corrupt attributes.


Setting up and executing synchronization with IBM Notes fails if Notes Views are saved with a different name in the Domino directory.


The Notes connector returns the wrong value for AdminRequest,Type.


Error changing the certificate of a Notes user account.


Error publishing changes to Exchange Online mailboxes in the Calendar Processing (User/Shared) synchronization step.

A patch with the patch ID VPR#31928 is available for synchronization projects.


Exchange Online objects with a single quote (’) in their name cannot be synchronized.


Single object synchronization of a One Identity Safeguard appliance marks the appliance as outstanding if the cluster that the appliance belongs to was swapped to another node in the preceding synchronization.

A patch with the patch ID VPR#32031 is available for synchronization projects.


If a domain with subdomains is connected to One Identity Safeguard, the PrimaryAuthenticationProviderId is determined incorrectly.

A patch with the patch ID VPR#32423 is available for synchronization projects.

IMPORTANT: Data in the One Identity Manager database goes missing when you apply this patch.

To restore the data, start a full synchronization immediately after the automatic patches have been applied.


Error loading objects that were not logged during synchronization if the Continue on error synchronization workflow is configured.


Display names for HREmployee_Active are only shown in debug mode.


Migration of the One Identity Manager database fails in large customer bases if the HelperSAPUserInSAPRole is updated.


The system connection to SAP R/3 cannot be established if the synchronization user’s password contains dollar ($) characters.


Adding and deleting SAP user accounts does not trigger the recalculation task for the SAPBWUserInSAPBWP table.

32482, 32486

The option to login with user name and password is missing from the configuration for the system connection to SAP R/3 with SNC login.

A patch with the patch ID VPR#32415 is available for synchronization projects.


Parameters used to call a BAPI function to delete an SAP object are incorrectly populated.


SAPTitle.DistinguishedName is not unique.

A patch with the patch ID VPR#32584 is available for synchronization projects.


Provisioning processes for different SAP user accounts are not processed simultaneously by the Job queue. This happens if the same reference user is assigned to the user accounts.

32318, 32638

Error accessing the target system with the SCIM connector for One Identity Starling Connect.


Patches for synchronization projects that use the SCIM connector are provided by the wrong One Identity Manager module.


Error applying the VPR#29844 patch.


If you use the SCIM connector to synchronize a GitHub system, queries from GitHub are rejected because the user agent is not included.


Error testing the connection to the cloud application in the system connection wizards if there is no authentication endpoint given.


Error defining a database view if a system connection is configured through the generic ADO.NET provider.


The native database connector executes the configured processing method of a synchronization step only for the first object of the object class although several objects need to be processed. This happens if a pattern-based strategy is defined for the data operation.


Error updating the schema from a CSV file if the file has not been declared in the system connection wizard.


Error adding memberships in the UNSAccountBInUNSGroupB table in the target system browser although the object are within the scope.


If the revision property does not contain a value (NULL or empty string), the wrong data type is saved in the DPRRevisionStore table.


Problems connecting to Microsoft Exchange Server 2016 if using SSL.


The ThrottlingPolicy property is not loaded for Microsoft Exchange mailboxes.


Table 8: Identity and Access Governance

Resolved issue

Issue ID

The task  QER-K-OrgAutoChild blocks the DBQueue.


In certain circumstances, assignments on assignment forms are not saved.


A potentially damaging SQL statement has been identified on different overview forms.


Performance problems calculating system role assignment to business roles and organizations.


The Identity Lifecycle Customer dynamic role has orphaned foreign keys if the QER | ITShop configuration parameter is not set.


Email notification about pending requests are sent to members of the chief approval team.


If a system entitlement does not have a container, the TO approval procedure cannot determine an approver.


If the number of approvers is given as -1 (all employees found are approvers) in an approval step, the request is also presented for approval to the members of the chief approval team.


Insufficient permissions for end users to delete or end a delegation.


Escalation of an approval step does not take the QER | ITShop | ReuseDecision and the QER | ITShop | AutoDecision configuration parameters into account.


New entries are created in the PWOHelperPWO table for requests with validity periods in the future that already have final approval.


In certain circumstances, an employee can make an approval decision for a request that was questioned.


If an additional approver was assigned to an approval step, the chief approval team’s approval decision has no effect.


The Number of requestable products statistic element shows the number of all the products in the IT Shop instead of just requestable products.


Error removing a service category (AccProductGroup table) from the hierarchy.


The QER_ZITShopOrderAbort procedure user the wrong cancellation method.


If an approver makes approval decisions for several requests because they are delegated, the delegator is only informed the first time.


In certain circumstances, despite the QER | ITShop | DeleteClosed configuration parameter being set, not all columns that are marked to be logged on deletion are logged.


Increased occurrences of deadlock during parallel processing of requests (bulk requests).


If E-Business Suite permissions assignments to user accounts are attested and automatic removal of permissions is configured, denied assignments are not deleted.


The condition for viewing the AttestationCase table of the VI_4_ALLUSER permissions group does not allow closed attestation cases to be displayed if the currently logged in user was involved.


If memberships of Azure Active Directory user accounts in groups (ADDUserInGroup table) are attested and automatic withdrawal of system entitlements on attestation failure is configured, the wrong memberships are deleted if the group is an Office 365 group or an Exchange Online mail-enabled distribution group.


If an approval step, for which a query was made, is escalated, the Hold status of the attestation case is not removed.


If an attestation object is deleted during an attestation run, the entire attestation run is terminated.


Automatic removal of permissions after attestation is not approved, does not taken into account if the assignment is marked for deletion.


During synchronization of SAP authorization assignments to SAP groups, not all the objects are loaded. This means that rule violations are not found when SAP function compliance rules are checked.


Error generating simple reports in CSV format.

32009, 32010, 32547

In certain reports about employees, the time period for assignments is not calculated correctly.


Employees are shown on the Subscribable report overview form that do not subscribe to that report anymore.


Table 9: IT Service Management

Resolved issue

Issue ID

The VI_Asset_ServerHasShares_MasterData form does not have a tab for custom columns.


The Help desk employee option on an employee’s master data form, is not displayed correctly if you swap between employees.


See also:

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating