|No. ||Module ||Problem summary ||Package ||OS ||Cause of the problem ||Conditions ||Solution or workaround ||Reproduction steps |
|1 ||ENTM ||Fixes a cross-site scripting vulnerability in the ScrollPosX, ScrollPosY, and facesViewId elements. Also fixes an application error for the task.tag element. ||AN01542 ||All ||Request parameters were not encoded before the request was sent to the server || || || |
|2 ||ENTM ||Fixes an Enterprise Management Server related issue where users could not log in through CA SiteMinder. ||AN01572 ||All ||A caching mechanism is in place that is not cleared when the user logs in through the SiteMinder UI. When the user logs in without SiteMinder, the cache is cleared in the FrameworkLogin filter after the user is authenticated. In a SiteMinder-integrated environment this filter is disabled, so the login does not go through our authentication process and, as a result, the cache is not cleared. || ||Clear the cache when the user logs in with SiteMinder authentication ||Issue#1 |
1. Create a new admin role with a member rule "who are members of (group "<<GROUP_NAME>>")"
2. Active Directory has the group defined in the above rule, with a member in it.
3. Remove the user from the group and log in to ENTM using SiteMinder. The user can still see the access defined for the user within the group.
1. Login to ENTM using system manager role with site minder authentication.
2. Create the same role with the same member rule as mentioned in last mail.
3. Go to View user and check for the admin role of the user, we will be able to see the admin role created as the user is in the group.
4. Remove the user from the group in AD.
5. Go to View user and check for the admin role of the user, we should not be able to see the admin role created as the user is not in the group now, but customer is seeing the role in the user admin roles section.
|3 ||ENTM ||Fixes a Report Agent issue where messages that exceeded 30MG caused the Enterprise Management Server to stop responding and generated an Out Of Memory error message. ||AN01746 ||All || || || ||1. Messages consumed from the queue( not as single thread in case of a large messages consumed a lot of memory. |
2. Repairing and validating messages consumed a lot of memory.
3. Messages are saved to a local temp file 4 times if a failure occurs, which consumed a lot of disk space.
4. Messages are sent to the DLQ (dead letter queue) after 4 attempts, which in the case of large messages consumed a lot of memory.
5. Hibernate batch size was configured to 25. This is normal, but in the case of a large file we want to release the session.
|4 ||ENTM ||When a user password is reset with Password Must Change checked, the page throws a "String index out of bound" error. This occurs only if the base URL in idmmanage does not include the port number. ||AN02009 ||All ||When a user password is reset with Password Must Change checked, the page throws a "String index out of bound" error. This occurs only if the base URL in idmmanage does not include the port number. || || ||1. Configure ENTM behind an Apache reverse proxy or IIS so that you do not need to provide a port number when accessing ENTM. Apache reverse proxy: listen on port 443 or 80 in httpd.conf so that you can access the ENTM URL without providing a port number. |
2. Update the Base URL in IDMMANAGE. Access the ENTM URL without the port number.
3. Log in as superadmin, reset the password for any SAM user, and select change password on next login.
4. Log out as superadmin and log in as the SAM user.
Expected Result: The user is redirected to the page to reset the password.
Actual Result: The page shows a String index out of bound exception.
|5 ||ENTM ||Fixes an issue where spaces in ENTM passwords were not supported though Windows policy permitted spaces ||AN02013 ||All || || ||Code Changes: To allow spaces between characters for password ||1. Create a Windows Agentless Endpoint. |
2. Create a disconnected privileged account for the same endpoint and provide the password with spaces.
Expected Result: Account must be created as windows policy is allowing spaces between characters.
Actual Result: Server is throwing error saying password does not match the policy requirements.
|6 ||ENTM ||Fixes low-priority application login vulnerability issues reported by App Scanner. ||AN01895 ||All ||The problem reported by App Scanner is "Cacheable SSL Page Found" || || || |
|7 ||ENTM ||Fixes an issue where the last checkout and last password change times in the report are not in sync with the CABI machine time. ||AN01921 ||All || || || ||1. Change the ENTM, BO machine time to GMT+8 |
2. Check out and check in a privileged account
3. Run the capture snapshot
4. Create a report (Report->English->Shared Account Management (SAM)) and click Shared Accounts by Endpoint.
5. Check the report. The last checkout and last password change times in the report are not in sync with the CABI machine time.
|8 ||ENTM ||Fixes a problem during Checkout Operations via AutoLogin (i.e. RDP) where third party tools such as RDP and PUTTY are not launched and it repeatedly checks-out silently. ||AN01988 ||All ||Login Application Job does cleanup activity of invalid tickets which are leftover, every 60 seconds. || || || |
|9 ||ENTM ||Fixed a problem where email notification functionality is not implemented for cancel event ||AN01263 ||All || || || ||1. add email event on Management Console On Management Console, navigate to [Environments] - [ac-env] - [Advanced Settings] - [E-mail] and select following events from [event] drop down list and click [Add]. Then, click [Save] and [Restart]. |
2. log into EntM WebUI as requester
3. create request Privileged Account Request navigate to [Home] - [My Accounts] - [Privileged Account Request] and create request. -> this sends mail notification for CreatePrivilegedAccountExceptionNotStartedEvent using pending\CreatePrivilegedAccountExceptionNotStartedEvent.tmpl
4. cancel the request navigate to [Home] - [Self Manager] - [View My Submitted Tasks] and open detailed log for the Privileged Account Request Task and click [Cancel this Task] button.
Expected Result: Expect that mail notification is sent for the event
Actual Result: No mail notification was sent to the user
|10 ||ENTM ||Though the user is not selected, request is going for approval for the user. ||AN01306 ||All ||there is no condition specified to check if user already exist in the list to submit request for approval || ||Condition added to check if user already exists in this list of request and every time assigning a new userlist to the list of request ||1. login as superadmin |
2. create 3 EntM users. let's say user1, user2, user3
3. modify [Privileged Account Request] Privileged Access Role. navigate to [Users and Groups] - [Roles] - [Privileged Access Roles] - [Modify Role] and select [Privileged Account Request] - [Members] tab click arrow icon on the left of default member rule and add following new scope rules: -Endpoint (all) -User (all) The member rule becomes: Member Rule (all) Scope Rules -Privileged Account (all) -Privileged Account Request (all) -Endpoint (all) <- add -User (all) <- add
4. login as user1
5. create Privileged Account Request navigate to [Home] - [My Accounts] - [Privileged Account Request] and select an account click [...] button besides [Requested For:] and check a user (user2) and click [OK] click [...] button again and uncheck the user (user2) and check other user (user3) and click [OK] enter [Justification] and submit
6. login as approver (superuser) [expected result] request for user3 only appears in work list or [Waiting For My Approval] panel [actual result] request for user2 and user3 appear in work list or [Waiting For My Approval] panel though user2 is unchecked
|11 ||ENTM ||Fixes a server.log file error. |
This error does not reflect a functionality problem; it is an internal validation within the code that should be reported as a warning.
|AN01524 ||All || || ||Code change- Changing log report level to warning at addDirectoryAttr method ||user store : embedded user store |
1. create a user on ENTM WebUI.
2. create a group on ENTM WebUI.
3.add the user which was created by step1 to the group.
4. log-in to the ENTM WebUI as the user.
5. select the following menu. Home->Privileged Account Request
6. search endpoint(click search button) getting a list of errors: example: ERROR [ims.llsdk.directory.jdbc.jdbcbase] Table tblUsers does not exist for attribute tblUsers.passworddata. Attribute value will not be saved.
|12 ||ENTM ||Fixes an issue with an Enterprise Management Server with Active Directory setup where, in Japanese or Korean, "Modify User" is enabled but must be disabled as with English. ||AN01569 ||All ||The role xml file is having the modify user enabled || ||Code Changes to update the xml file for AD role definition to remove modify user from the ENTM UI ||ENTM with AD setup in Japanese or Korean version is having "Modify User" enabled |
|13 ||ENTM ||Fixes an Enterprise Management Server issue where error messages are recorded in the server log file on user login. ||AN01571 ||All ||The errors occur when there is a problem finding the users in LDAP/AD. Could be that the DN pointing to the users is pointing to the wrong place or is just incorrect and does not exist or the DN path which points to where the users are located in the directory is invalid. || ||Need to remove the hardcoded values "cn=Partitions,cn=Configuration," from the search base in case root org contains Organization Unit. ||1. Make sure root org contains OU along with DC e.g. 'OU=ashisuto,DC=mlitad,DC=local'. You can check the same @ ac-dir in <<ENTM_SERVER>>idmmanage |
2. Login to ENTM WebUI. check for the error in the server.log javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:'OU=ashisuto,DC=mlitad,DC=local' ]; remaining name 'cn=Partitions,cn=Configuration,OU=ashisuto,DC=mlitad,DC=local'
|14 ||ENTM ||Fixes an issue where an exception showed in the server log when a user without Break Glass role attempted to view the "My Privileged Accounts" page ||AN01602 ||All || ||User is not a member of Break Glass role ||The exception was changed to a warning message in the log as this is not causing any problem in the ENTM ||1. log into EntM WebUI as superadmin |
2. modify Break Glass Privileged Access role member rule where ( Login ID not equal "superadmin" )
3. navigate to [My Privileged Accounts] Then, following errors will be recorded in server.log: 2013-10-02 17:29:46,819 ERROR [ims.default] Administrator superadmin is not authorized to exercise task imstask.label.task.BreakGlass.name 2013-10-02 17:29:46,819 ERROR [com.ca.ppm.tabhandlers.AccountPasswordsSearchHandler] AccountPasswordsSearchHandler: cannot find admin task by tag:BreakGlassAccounts NotAuthorizedException: Administrator superadmin is not authorized to perform task imstask.label.task.BreakGlass.name. This doesn't happen if the user is member of Break Glass role.
|15 ||ENTM ||Fixes an issue where data in the custom information fields in the create privileged account page are overridden by endpoint information data ||AN02002 ||All || || ||Inheriting custom fields from endpoint just in case they were not filled in the new created account ||1. create privileged account |
2. fill the Information tab fields (Department and Custom 1 - Custom 5 fields)
4. View the new created account the custom fields were not saved
|16 ||ENTM ||Fixes an issue where an endpoint located in a different Windows domain fails to register in the |
Enterprise Management Server and displays the following error:
"Endpoint cannot be created in this endpoint type. details: code 80".
Note: The Host Domain field is mandatory for both Windows and Linux Platforms.
|AN01986 ||All || || || ||1.Add EP to another Domain (trust3.com) |
2.Install EP versions with 12.6 sp2
3.Now try adding the EP using Local account of the Endpoint
Failing with the below error message:
"Error: Endpoint cannot be created in this endpoint type."
|17 ||ENTM ||Fixes an issue where the "Requested by" field of the Get Password event showed the SAM user ID instead of the username. ||AN01987 ||All ||The user ID was displayed instead of the username in GetPasswordEvent. The FriendlyName (username) is now displayed. ||n/a || ||1. Log in to ENTM as a SAM user |
2. Check out the account
3. Click on ShowPassword
4. Go to Privileged Accounts->Audit, then open GetpasswordEvent and observe that in the description and details the "Requested by" field value is the SAM user ID.
|18 ||ENTM ||Fixes an issue where copying a password that contains the '<' character results in all characters after '<' not being copied. ||AN01995 ||All ||When retrieving the user password and associating it with a span id, the function treats the '<' character as the start of an HTML tag, and hence all the characters after it are ignored. ||This happens only if the password contains the '<' symbol followed by a letter (not if '<' is followed by a numeral or symbol). || ||1. ENTM WebUI Login |
2. Home->My Privileged Accounts
3. checkout against a user
4. select "Copy to Clipboard" In this case: if the generated password has a '<' character, all characters after '<' are not copied.
|19 ||ENTM ||Fixes an issue where an admin is allowed to delete an account that is checked out ||AN02001 ||All || || ||Code Changes: Need to put validation in place while deleting the account. ||1. Checkout an account. |
2. Go to Delete privileged account and delete the checked out account
Expected Result: System must throw error saying account is checked out.
Actual Result: System is deleting the account though it is checked out.
|20 ||ENTM ||Fixes an issue where after upgrading to 12.8, the SAM events are created with an incorrect time stamp. |
SAM events in 12.8 are reported by UAR to occur in the future.
|AN01968 ||All ||The problem occurs because the date is converted to a Long value, which is the number of seconds since January 1, 1970, 00:00:00 GMT. The date stored in the DB is in UTC, but when it is converted to a Long value it is treated as being in the server's time zone; as a result, the value sent to the audit queue is wrong. || ||Code Changes: Treat the date as UTC and convert it to a Long value using the UTC time zone. ||After upgrading CM to version 12.8, the client's SAM events are being created with an incorrect time stamp. - SAM events in 12.8 are reported by UAR to occur in the future. - UAR has not used any special offsets for TIBCO in the past. An account was checked out at 3:56 PM. UAR reports it as 8:55:54 PM because we are in GMT -5. Epoch, Event_Date = 1392429354: Friday, February 14, 2014 8:55:54 PM GMT-5. Epoch, Checkout Date = 1392429373: Friday, February 14, 2014 8:56:13 PM GMT-5. EST Eastern Standard Time GMT-5:00 -18000 |
|21 ||ENTM ||Fixes an issue where user is unable to checkout Disconnected Privileged Account from Disconnected Endpoint through REST API. ||AN01975 ||All || || || ||1.Create Disconnected Endpoint |
2.Create Disconnected Privileged account for the above endpoint.
3.Checkout Disconnected privileged account on Disconnected Endpoint through RESTAPI. Observe Account will not checkout.
|22 ||ENTM ||Fixes an issue with the LB environment where the retrieved base URL refers to the primary machine instead of the LB machine. ||AN01977 ||All || || ||Code Change- keep the base url host name as the host the request came from ||1. Setup Primary ENTM |
2. Setup LB ENTM
3. Create a user and mark to change password on login.
4. Go to the LB ENTM and login. the user details remained empty
|23 ||ENTM ||User is not able to reset password ||AN01981 ||All ||The problem occurs because the request is redirected to a location based on the base URL provided in idmmanage. The redirect causes the loss of request data. || ||Code Changes: Prepare the base URL from the URL where the request was raised ||1. log into EntM as superadmin |
2. navigate to [Users and Groups] - [Users] - [Reset User Password] and reset password for a user with [Password Must Change] checked
3. logout from superadmin and login as a user whose password was changed in step 2. -> User ID, First Name and Last Name are blank in password service panel
4. enter [Password] and [Confirm Password] and click [Submit] -> The error appears on WebUI Error: Exception encountered during task submission: null
|24 ||ENTM ||Fixes an issue with disconnected Endpoint, where the time in Enterprise Management Server displayed as local time + |
time difference from UTC/GMT. Last Failed Connection Date is incorrectly displayed in view Endpoint.
|AN01985 ||All || || || ||1.Create new "Disconnected Endpoint" as SSH Device. Make sure to tick "Select to proceed if the target system is unavailable" |
2.Once the Endpoint is created - well, only added to the DB, as it does not even connect to it. I used host "aaa" (which does not exist).
3.Click View Endpoint and you can see that the "Last failed Connection Time" - is showing local time + time difference from UTC/GMT. So if my time is: March 24th 16:30 and UTC/GMT is March 24th 05:30am - the "Last Failed Connection Time" will show: March 25th 3:30am.
|25 ||ENTM ||Fixes an issue where viewing events in Audit |
PrivilegedAccounts the User ID field displays incorrect User ID
|AN01951 ||All || || || ||1. Set AD environment |
2. Checkout Password
3. Go to Privileged Accounts>> Audit >> Audit Privileged Accounts>>
4. Select Event Name as 'Get Account Password' and search
5. In Listed events make sure that userid is showing proper AD's User Friendly name
|26 ||ENTM ||Fixes an issue where occasionally the user receives an "Access denied" message when trying to log in using PUTTY even though the password and username are correct ||AN01956 ||All || || || || |
|27 ||ENTM ||Fixes an issue where creating an endpoint using REST API results in saving the password incorrectly in the database ||AN01958 ||All || || || || |
|28 ||ENTM ||Fixes an issue with the feeder where the CHECKOUT_ONLY_AUTO_LOGIN property is not updated properly ||AN01938 ||All || || || ||1. Create feeder file to create Privileged Account with CHECKOUT_ONLY_AUTO_LOGIN property and set it to value TRUE. |
2. Run feeder option and check the account. 'Login application Checkout only' flag for the accounts was not updated
|29 ||ENTM ||When a Sam user requests for an account and he gives a specific time for which he needs the account, the account is accessible in "My Privileged Accounts" of the sam user even after the time is gone. ||AN01943 ||All || || || ||1. Create an endpoint. Discover an account. |
2. Login as a sam user.
3. Request for the account. While requesting, give time as 5 minutes.
4. Login as superadmin and approve the account.
5. Login as the sam user and checkout.
6. Wait for more than 5 minutes and then refresh the page.
Expected result: The account must have gone from My privilege Acc page. It should not display the account.
|30 ||ENTM ||Fixes an issue where, during user creation, the phone number field allows a string instead of validating for a number. ||AN01948 ||All ||No validation is being done on Phone number field. || ||A function was introduced to validate the Phone number field. ||1. Create ENTM user and Terminal resources in EP machine and make sure the ENTM selang is able to connect from EP selang (host <ENTM Machinename>) command. |
2. login to EM, and navigate to User creation page, scroll down to phone number, and provide a "string" for example: test
Actual Result: the user is created with the string; the field should validate for a number and should not accept a string.
|31 ||ENTM ||Fixes an issue where exporting Shared Accounts with "endpoints with failures" option to a CSV file fails ||AN01935 ||All || || || ||1. In World View, select Shared Accounts |
2. Search: Endpoint Name = *
3. Click "endpoints with failures" "Export" link
It should download csv file and contain the required data
|32 ||ENTM ||Fixes an Enterprise Management Server issue where exporting endpoint or account data results in missing details in the CSV file. ||AN01922 ||All ||If the endpoint/account has Japanese characters in any of the field not setting content length correctly. Now setting the content length correctly. || || ||1.Create Some endpoint/accounts on Japanese ENTM (example: Japanese characters in description) |
2. Go to WorldView->View->Shared Accounts
3.Uncheck "Show Only Failure" check box
5.Observe last rows data missing in csv file.
|33 ||ENTM ||Fixes an issue where adding a user as a GroupMember results in an exception when DXlink is used as user store ||AN01923 ||All || || || ||1.Create a provisioning server with DXlink |
2. Install the EntM through DXlink(attaching doc)
3. log in to the EntM UI
4.Go to Users and Groups
5.Click on Modify Group
6.Add a User to GroupMember the result: "Failed to execute AddToGroupEvent. ERROR MESSAGE: SmApiWrappedException:- LDAP: error code 53 - 0000209A: SvcErr: DSID-031A10B0, problem 5003 (WILL_NOT_PERFORM), data 0 "
|34 ||ENTM ||Fixes a SAM issue where users cannot open the "Modify Privileged Account" screen from "Select Privileged Account". ||AN01925 ||All || || || || |
|35 ||ENTM ||Fixes an issue where "Deploy Script" and "UnDeploy Script" does not contain the scroll bar to view the content when tried through "Version History" Tab of View Policy Task. This happens in IE browser. ||AN01926 ||All ||input text box field is disabled || ||changed input text box field from disabled to readOnly || |
|36 ||ENTM ||Fixes an issue when hitting search in the World View for hosts with "Hostname = * " and "Endpoint Type = All " or "Hostname = * " and "Endpoint Type = AC Endpoint results with an error. This happens in the large scale environment only. ||AN01927 ||All ||Last Update Date value is null. || ||Check for Last Update Date value for each host and see it if it not null. Then only date value is sent for TimeZone conversions. ||1. Log in to ENTM |
2. Go to World View -> Hosts -> Search with "Hostname = * " and "Endpoint Type = All" or "Hostname = *" and "Endpoint Type = AC Endpoint"
3. Hit "Go".
|37 ||ENTM ||Fixes an issue where, when pwextractor is run without a FIPS key, it does not throw a meaningful error prompting for the FIPS key; instead it throws a Null pointer exception and says "Successfully completed password extraction", but the file doesn't have passwords. ||AN01928 ||All ||There is no check for FIPS key availability when -cleartext is provided. || ||Check for the FIPS key file when passwords are required as cleartext (i.e. using -cleartext). ||1. Stop Jboss |
2. Go to password extractor directory - /opt/CA/AccessControlServer/IAM_Suite/Access
3.Run the following command (I have not provided FIPS key) root@kxxxa02-I86765 pwextractor]# ./pwextractor.sh -backup -h kxxxa02-I86765 -account_pwd -cleartext -d orcl -t oracle -l entm_127cf1 -p N0tall0wed -f /opt/pwd CA SAM Password extractor.
|38 ||ENTM ||Fixes an Enterprise Management Server UI issue where the current password appears in the [Password Service] panel after the user logs in to the UI although the [Password Must Change] option was selected when the user account was created. ||AN01909 ||All || || || ||1. Log in to the ENTM UI as superadmin |
2. Create a user with the "Password Must Change" check box selected
3. Log out and log in as the new user
4. Observe the password field with asterisks
|39 ||ENTM ||Privileged Accounts show details missing fields. No visible display of true/false in the Exclusive account field in the my privileged accounts section. ||AN01912 ||All ||erroneous code in a JSP file used for displaying my privileged account details. || ||Code changes: change in a jsp file while displaying my privileged account details. ||1. Login to ENTM via a SAM user, request for few accounts. |
2. once the accounts are approved, check for the my privileged accounts
3. Click on Show details dropdown arrow button next to account name.
Actual Result: Exclusive Checkout is showing no results as shown in the screenshot.
|40 ||ENTM ||Fixes an Enterprise Management Server issue where a capture snapshot operation failed. ||AN01915 ||All || || || ||If we use userstore as AD then create user by disabling "UserMust Change the password on next logon" attribute. run the Capture snapshot will fail. But this was not reproduced on our local environment. |
|41 ||ENTM ||Fixes a SAM related issue where approved accounts are shown in UTC in "Home" , "My Accounts" , "Manage Privileged Account Requests" screens because the received date is in UTC zone is considered as Server Time Zone. ||AN01918 ||All ||Received date is UTC zone, but considered as Server Time Zone || ||Converting date time received in UTC zone into client time zone. |
1) This is Already approved accounts, currently running
2) Approved future running accounts
|1. Request an account from non-super admin. |
2. Login as superadmin or with that permission
3. "Home" -> "My Accounts" -> "Manage Privileged Account Requests" -> Select Request; the displayed start and valid times are shown in GMT
|42 ||ENTM ||Fixes a ControlMinder related issue where the Information Details are not populated from endpoint details when you manually create a shared account ||AN01885 ||All ||The implementation to populate the details is not available || ||Code Changes are required to populate the default value ||1. Install ENTM. |
2. Create an endpoint of type Windows Agentless and fill the Information tab with Owner, Department, custom1 and custom 2 View endpoint - details are all shown.
3. Discover an account for the above created endpoint, view the account, all the details including Owner, Department, custom1 and custom 2 are there.
4. Create an account manually for the above created endpoint, view the account.
Expected results: All the details including Owner, Department, custom1 and custom 2 are there.
Actual result: Owner details are there but Department and custom field values are missing.
|43 ||ENTM ||Fixes an issue with the Enterprise Administration Server where in a highly available environment, where the primary Active Directory controller fails, CA ControlMinder does not switch to the secondary Active Directory controller. ||AN01886 ||All || || || ||1. Export Ac-Dir.xml |
2.Edit: <Connection host="infra00B.forwardinc.ca" port="389" failover="infra00.forwardinc.ca:389" />
4.Shut down infra00B
5.Open ENTM login page
6. Try login, get error
|44 ||ENTM ||There is no reschedule mechanism in case the check-in event elapsed and the session still open ||AN01887 ||All ||There is no reschedule mechanism in case the check-in event elapsed and the session still open || ||Code Changes - Reschedule check-in event job, if fail to check in due to existing open session ||1. Create SAM privileged account which is set to be Exclusive Session. |
2. Request for the account for 10 minutes and approve it, User check-out the account and get a password to this SAM user Account
3. User RDP to the machine by the given password (not using log in-application) and doesn't close the RDP session
4. When the 10 minutes have elapsed, a check-in event is raised, which fails due to the open session. This is the message we get: ….has 1 open session(s). Terminate (or log-off) its session prior to checkout or check-in operation. Problem: the SAM account remains checked out even after the session to the target endpoint machine is closed.
|45 ||ENTM ||Fixes an Enterprise Management Server issue where a user checked an account in the [Requested For:] field by filtering the user field. Next, the user filter was cleared and the checked user is not correct. ||AN01889 ||All || || ||Code Changes to update selected row indexes based on the selected rows ||1. login as superadmin |
2. create 3 EntM users; user1, user2, user3.
3. modify [Privileged Account Request] Privileged Access Role. navigate to [Users and Groups] - [Roles] - [Privileged Access Roles] - [Modify Role] and select [Privileged Account Request] - [Members] tab add following new scope rules: The member rule becomes: Member Rule (all) Scope Rules -Privileged Account (all) -Privileged Account Request (all) -Endpoint (all) <- add -User (all) <- add
4. login as user1
5. navigate to [Home] - [My Accounts] - [Privileged Account Request] and select an account
6. click [...] button besides [Requested For:]
Problem A:
7. enter 'User ID = user*' for search criteria on [User Search] and click [Search] -> user1, user2 and user3 are listed
8. check user2 and click [OK] -> user2 is listed on the 3rd line
9. click [...] button besides [Requested For:] again -> user list is displayed with 'User ID = *' search criteria; all users are listed
[expected result] user2 is checked though the user list is changed
[actual result] the user listed on 3rd line is checked
Problem B: sorting column makes the user selection cleared
7. click [Search] and select users
8. click a column header (Name, Description or Type) to sort the list
[expected result] check for users is still checked after sort
[actual result] check for users is cleared after sort
|46 ||ENTM ||Fixes an issue where, with DST enabled, the VST time stamp doesn't show the browser time when the requestor checks the audit ||AN01890 ||All || || || ||When DST is enabled on the ENTM server, the time is displayed according to the server TZ (for example, if ENTM is in EST with DST enabled). When a requestor logs in from a machine where DST is not enabled and requests an account, the time displayed is his browser time, but once he submits the request and checks the VST it again shows the ENTM time. |
|47 ||ENTM ||Fixes an Enterprise Management Server issue where if a user renames a password policy, the program does not delete the existing job from the quartz table. This results in two jobs for the same policy. |
Once the redundant job is executed, a NullPointerException error is generated, because the password policy does not exist.
|AN01869 ||All || || || ||1. create password policy |
2. rename the password policy the result is that we have two jobs at quartz tables. one with the old password policy name and one with the new password policy name.
The expected is to have only one job for this password policy. as a result of it we have a schedule job (by the old policy name) that is being executed and ends with NullPointerException error
|48 ||ENTM ||Fixes an issue with Policy Management -> Policy -> View Policy where user is unable to review a full policy in View Policy. The user only sees a portion of the policy. To view the complete policy you must edit the policy ||AN01817 ||All || || || || |
|49 ||ENTM ||Fixes an issue with creapmd and dmsmgr utilities to correct wrong PMD directory search when creating DMS ||AN01614 ||All ||Wrong PMD directory search when creating DMS ||This fix contain changes in creapmd and dmsmgr utilities. || ||1. Server installation on Linux |
2. Remove the DMS (dmsmgr -remove -auto)
3. Shutdown AC
4. Edit seos.ini, change the default PMD folder to another (existing) folder (_pmd_directory_ token)
5. Create the DMS (dmsmgr -create -auto) - should issue an error - Failed to update DMS/DH/DH_WRITER token.
6. Start AC
7. Create the DMS (dmsmgr -create -auto) - should issue an error - Failed to update DMS/DH/DH_WRITER token.
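
Row 20 (AN01968) describes a UTC date from the DB being converted to epoch seconds in the server's time zone, which pushes audit events into the future on a GMT-5 server. The sketch below is an added example, not code from the product: it reproduces the skew with the row's own numbers (Event_Date 1392429354, offset -18000) and adds a receiver-side check for future-dated audit events. The DB string layout, the function names, the receipt time and the 300-second tolerance are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumed layout of the date column as read from the DB (not given in the table).
DB_FORMAT = "%Y-%m-%d %H:%M:%S"

# Server zone from row 20: EST, GMT-5:00, offset -18000 seconds.
SERVER_TZ = timezone(timedelta(seconds=-18000), "EST")

# UTC wall-clock value reconstructed from the row: a checkout at about
# 3:56 PM EST is stored in the DB as 20:55:54 UTC.
SAMPLE_DB_VALUE = "2014-02-14 20:55:54"


def epoch_buggy(db_value, server_tz=SERVER_TZ):
    """Pre-fix behaviour: the UTC value is labelled with the server's zone."""
    naive = datetime.strptime(db_value, DB_FORMAT)
    return int(naive.replace(tzinfo=server_tz).timestamp())


def epoch_fixed(db_value):
    """Post-fix behaviour: the stored value is treated as UTC."""
    naive = datetime.strptime(db_value, DB_FORMAT)
    return int(naive.replace(tzinfo=timezone.utc).timestamp())


def skew_seconds(db_value, server_tz=SERVER_TZ):
    """How far the buggy epoch is ahead of (+) or behind (-) the true one."""
    return epoch_buggy(db_value, server_tz) - epoch_fixed(db_value)


def future_dated(events, received_epoch, tolerance=300):
    """Return ids of audit events stamped later than the time they arrived.

    An event cannot legitimately occur after its own receipt, so anything
    beyond a small clock-drift tolerance points at a time zone or clock
    fault in the sender and should be held back from timeline correlation.
    """
    return [e["id"] for e in events
            if e["event_epoch"] - received_epoch > tolerance]


def demo():
    # Constructed receipt time: six seconds after the true event time.
    received = epoch_fixed(SAMPLE_DB_VALUE) + 6
    events = [
        {"id": "sent-before-fix", "event_epoch": epoch_buggy(SAMPLE_DB_VALUE)},
        {"id": "sent-after-fix", "event_epoch": epoch_fixed(SAMPLE_DB_VALUE)},
    ]
    return future_dated(events, received)


if __name__ == "__main__":
    print("buggy epoch :", epoch_buggy(SAMPLE_DB_VALUE))
    print("fixed epoch :", epoch_fixed(SAMPLE_DB_VALUE))
    print("skew (s)    :", skew_seconds(SAMPLE_DB_VALUE))
    print("future-dated:", demo())
```

On a server east of UTC the same defect stamps events in the past, which the future-dated check does not catch; comparing the absolute skew against known zone offsets covers that case.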