Version: Cloud

Resolved Issues and Bug Fixes

Read more about resolved issues and bug fixes in this release.

Access Request

Unable to submit a written request in Access request

We fixed a bug where attempting to submit a written Access request with the SoD policy check enabled resulted in no action when clicking the Submit button.

INC-279050

We fixed a bug in the Access request where, if a user had two account types within a system and a resource was marked for both types, the popup to select the account type did not display correctly. The field is now correctly displayed when there is one or fewer account types, and auto account creation is enabled.

INC-279453

Unmanageable pending request

We fixed an issue where an error occurred when submitting survey questions that lacked the workflowStepLog element in the survey object XML. The survey object is now automatically updated to include the missing element when not present.

INC-280218

Error message when requesting access

We resolved an issue in the Access request. Now, the objectType parameter in the omada.wsproxy.ConvertId function is optional and defaults to DataObject if not specified

INC-279757

Enterprise Server

Calling GetDataObjects over Webservice with `viewId` parameter does not respect columns in view

We have updated the WebService call at WebService/UIWebService.asmx/GetDataObjects, which is also accessed via the JavaScript API omada.wsproxy.getDataObjects(). With this update, when the API is called with a viewId argument, it will now return only the property values specified in the view's definition (previously, it returned all property values for the objects). Additionally, the API now respects the DownloadLimit setting from the view configuration.

INC-274970

Survey verdict incorrectly prolongs CRA validity

There was an issue with survey verdict prolonging the CRA validity. Now, for CRAs with no actual state, the Days before verdict expires field in the survey form will not extend the survey verdict's validity. Instead, the validity will remain as initially set during the direct assignment. This behavior now applies to any desired state.

INC-278561

Governance for Omada Identity - changeset with new User group is non-importable

We've resolved an issue in Governance for Omada Identity feature related to the creation of management resources for user groups. Now, a management resource is no longer created when a user group is added through a changeset, as the changeset already includes the necessary record of the resource

INC-278223

Renewal Survey Post Action

We have resolved a bug that caused an exception to be thrown when no active event definitions were configured for the survey.

INC-279369

Lengthy attribute values fail identity calculations

We fixed a calculation error when a differentiator exceeding 200 characters was stored in SQL server with an insufficient column size. Now, the differentiator length is unlimited.

INC-277951

Issue with managing two users with the same username on the same day

We fixed a bug where two users with the same username couldn't be created and deleted on the same day.

INC-277589

Access to Email log

We have fixed an issue where setting the ReqAdmRightToMailLog customer setting to False granted access to email log to everyone.

We have introduced Email log, a new authorization element for accessing email details. It is added to the Administrator role by default. If you had the ReqAdmRightToMailLog customer setting set to False, it is also added to the Operation Administrator and Service Desk roles.

The ReqAdmRightToMailLog customer setting is now deprecated. From now on, all access to email log and sent emails is dependent on the Email log authorization element.

INC-280067

The ShowIndirect setting missing in resource assignment reports

The WRE005 Resource assignment in period and WRE004 Resource assignment change log resource assignment reports were missing the setting to either include or exclude indirect assignments. The issue has been resolved and the ShowIndirect configurable setting has been added to relevant reports.

INC-272681

Role and Policy Engine

RoPE calculation issue

There was a performance issue with RoPE calculations. The preparation of default account names was ineffective for large numbers of account resources. We have optimized the process for calculating default account names in RoPE, and the issue has now been resolved.

INC-279797

ResourceType change of a Resource is not reflected in RoPE

When the resource was changed during the calculation of irrelevant properties (and calculation was discarded), this resource was not updated in the RoPE resource table. This is now fixed.

INC-276848

RoPE Exchange Integration extension not working with latest Entra ID Collector

ExchangeIntegrationExtension for RoPE checked only the systems onbaorded with Microsoft Azure Active Directory connectivity. Now it also checks for systems onboarded with the Microsoft Entra ID connector.

INC-280853

Backwards reference path not working in AttributeValueResolver extension

We fixed an issue with the RoPE AttributeValueResolver extension. The reference path expressions with backward references (with a backslash \) caused the expression to fail. This issue was fixed.

INC-279715

Issue with provisioning some users until manual recalculation

We fixed an issue where changes to identities were registered in RoPE as handled events but the identities were not added to the calculation queue.

INC-278074

Issue with resource-driven attributes

The AttributeValueResolver RoPE extension has been improved. Resource-driven attributes are now calculated before the expression-based attributes, which means that the result of the resource-driven attributes can now be used in expressions.

INC-277917

Connectors

Issue with copying `SYSONB_JOBREQUESTSUPPORT` value from template to new connector

We resolved an issue where, when a new OPS connector was created based on the template, the value of the SYSONB_JOBREQUESTSUPPORT property was not copied to the new template.

Active Directory connector proxyaddresses existing values cleared (string splitter, value set to NO)

In a provisioning scenario, when using a multi-value expression or string splitter mappings type, the values were cleared if it was set on the task mappings or in property values settings in OPS DB. This behavior was changed: now the value from the task mappings is used. Values from the database are used only if there are no task mappings defined.

INC-279581

Provisioning monitor fails for system owners

The provisioning monitor dialog didn't work correctly for the system owners, returning the following error:

Error performing monitor client action. Error message: Provisioning configuration for system '{system name}' contains an error. Data object of type 'Task Mapping' with UId or name '{task mapping name'} could not be found.

This bug has been fixed.

INC-280812

Other

Missing attribute fields in Control policy form

We have resolved issues where the Exceptions attribute button and other controls were missing in control policies.

INC-278127

UpdateAndRouteSurveyObjects fails with unexpected exception

We fixed a bug where submitting completed survey objects resulted in an exception.

INC-278437

Work item process not localized

We resolved an issue where the work item widget on the home page was not displaying in the appropriate language. This fix ensures that the widget now correctly adheres to the user's selected language settings across all supported languages.

INC-279493

Password maximum length validation in both fields

We fixed an issue in the password reset confirmation field. The field did not have a limit of the number of characters allowed, which could cause a validation error when the password limit was exceeded in the first field.

INC-278670

SoD constraints are calculated wrong in RoPE when using business process and scoping attributes

We have resolved an issue where two conflicting assignments were incorrectly calculated as non-conflicting when adding a third non-conflicting resource. This occurred in scenarios using business processes combined with scoping attributes.

INC-280125

Slow Omada Delegate Identity Lookup

We have resolved a bug that improves performance when the IdentitiesAccessModifier is invoked by a resource owner managing a substantial number of resources. This enhancement is particularly evident in identity views where the access modifier is applied.

INC-274261

Surveys

Remove verdict in CRA surveys should not use Verdict expires after days

We resolved a bug by modifying the logic in the survey templates Access Review for Managers and Access Review for Resource Owners. When an assignment is set to the Remove action, the generated verdict will now have an infinite expiration time, overriding the Verdict expires after days survey setting.

INC-280881

Documentation

Update to Validity period and disabled status documentation

We've updated the Validity period and disabled status documentation regarding the validity calculation logic. The following information has been added to the guide:

If an identity is not active and the resource for which we are calculating validity is an account resource, the validity of any other objects involved in the resource validity calculation will be disregarded if they do not intersect with the identity's validity period.

INC-275290

Removal of RoPE warning and update to auto accounts documentation

We have removed the following RoPE warning that was introduced in the August release: An auto account has not been created for resource 'X' because of an existing but disabled account for the system. Now, this behaviour is only described in the auto accounts documentation. The following information has also been added to the guide:

If auto account creation is enabled for a system or resource type, it will not create an account if an existing account for that identity and system already exists and has no defined desired state. This can cause an issue if the existing account is disabled, as the auto account would generate an enabled account.

PRB-96, INC-279355

Update to Delegate access documentation

We've updated the Delegate access documentation regarding the RoPE automatic recalculation when a delegation is created. The following information has been added:

If RoPE is configured to recalculate upon the creation of a delegation (which is the default setting), it will automatically calculate the identity of the delegate to grant the appropriate access. Additionally, if the delegation exclusive customer setting is enabled, the delegator's access will also be recalculated, as they will lose access to the resources that the delegate gains access to.

INC-277866

Access Request​

Unable to submit a written request in Access request​

Account selection popup doesn't appear in classic view of Access request UI​

Unmanageable pending request​

Error message when requesting access​

Enterprise Server​

Calling GetDataObjects over Webservice with viewId parameter does not respect columns in view​

Survey verdict incorrectly prolongs CRA validity​

Governance for Omada Identity - changeset with new User group is non-importable​

Renewal Survey Post Action​

Lengthy attribute values fail identity calculations​

Issue with managing two users with the same username on the same day​

Access to Email log​

The ShowIndirect setting missing in resource assignment reports​

Role and Policy Engine​

RoPE calculation issue​

ResourceType change of a Resource is not reflected in RoPE​

RoPE Exchange Integration extension not working with latest Entra ID Collector​

Backwards reference path not working in AttributeValueResolver extension​

Issue with provisioning some users until manual recalculation​

Issue with resource-driven attributes​

Connectors​

Issue with copying SYSONB_JOBREQUESTSUPPORT value from template to new connector​

Active Directory connector proxyaddresses existing values cleared (string splitter, value set to NO)​

Provisioning monitor fails for system owners​

Other​

Missing attribute fields in Control policy form​

UpdateAndRouteSurveyObjects fails with unexpected exception​

Work item process not localized​

Password maximum length validation in both fields​

SoD constraints are calculated wrong in RoPE when using business process and scoping attributes​

Slow Omada Delegate Identity Lookup​

Surveys​

Remove verdict in CRA surveys should not use Verdict expires after days​

Documentation​

Update to Validity period and disabled status documentation​

Removal of RoPE warning and update to auto accounts documentation​

Update to Delegate access documentation​