General Page
This list of known issues and limitations is in addition to those documented in Known limitations, issues, and workarounds.
The following limitations are known:
- (IT-638) For OU campaigns in Access Certification, bulk actions might show wrong Sign Off icons.
The Sign Off icons might not immediately display the real status of review actions (approve or revoke). The issue arises when there is lag from database processing of approval/revoke. It shows correct state after refreshing or loading the panel again. -
(IT-1745) On-boarding of user data contains Organization Code instead of Organization Name.
When user data is populated from an Identity Broker-based HR profile (for example, SAP or Peoplesoft HR Feeds), the issue takes place if the OU of the user is not already defined in Identity Governance and Intelligence. In typical situations, users are reconciled into Identity Governance and Intelligence. If the associated OU definition is missing (from Identity Governance and Intelligence), the OU is also reconciled. However, the audit record for this unique case populates the OU Code of the User's Organizational Unit, instead of the OU Name, because it does not yet exist in the system.The following sequence of audit events is generated for this unique case:1. A user is first added to the ROOT OU, and a USER_ADD record is logged in the audit_log with OU as ROOT.
2. The OU is created by the rule engine.
3. The User is moved into this OU by the rule engine and hence a USER_MODIFY record is logged into the audit log.This USER_MODIFY event has the OU Code of the User's Organizational Unit instead of the actual OU Name.If the user's OU already exists in Identity Governance and Intelligence, the audit record shows the right OU Name. - (IT-1821) On Internet Explorer v11, the Administration Console menu pane and pop up dialog boxes show transparent the first time they are opened.
Workaround: Minimize, and then maximize, the window. After you do this the first time, the issue does not occur again. - (IT-3345) When the virtual appliance is configured on the M2 interface, the local management interface is not accessible for the first-time activation. To make the local management interface accessible, restart it manually with the 'lmi>restart' command of the virtual appliance command line interface.
- If you use the Rule Development Toolkit that is available in the 'IBM Security Identity Governance xxx v5.2.6.1 Database Installation Scripts and Tools' eAssemblies, be aware that he toolkit does not support dots (.) in the rule names. If you find java classes with names that contain dots after you download the toolkit, remove the dots. Update also references to these classes.
Undocumented step for the virtual appliance setup if you installed on Amazon EC2
If you installed your virtual appliance on Amazon EC2, you need to run an extra step in addition to the ones that are documented in Setting up a stand-alone or primary node for IBM Identity Governance and Intelligence with the initial configuration wizard.
In Setting up a stand-alone or primary node for IBM Identity Governance and Intelligence with the initial configuration wizard, run the following step between step 3 "Select Primary" and step 4 "Choose a configuration mode":
"Configure the virtual appliance Hosts file.
In the left pane, select Hosts file and add the 2 private IPs that were supplied by Amazon when you configured the network:
- Associate the private IP that was assigned to the primary network interface to the virtual appliance hostname. This is the same hostname that you used in the configuration of the virtual machine.
- Associate the other private IP to the virtual appliance Application interface FQDN. This is the same fully qualified hostname that you will use in the setup of the Application interface."
Information for users of the Turkish locale
If you use the Turkish locale you must install the patch_turkish.sql script on your freshly installed Identity Governance and Intelligence database on DB2 or Oracle. This is not a limitation, but a required step.
This is not required for the internal PosgreSQL database.
Follow these steps:
1. Download the eImage with the SEC_IDNTY_GVN_INTL_COMP_V5.2.6.2_DT_TOOL.zip file from Passport Advantage.
2. Unzip the file and find the TURKISH folder for your type of database (DB2 or Oracle) among the database installation scripts.
3. Use the clpplus (DB2) or sqlplus (Oracle) to run the patch_turkish.sql script on the database.
See also https://www.ibm.com/support/knowledgecenter/SSGHJR_5.2.6/com.ibm.igi.doc/installing/ref/r_enable_for_turkish_i.html for important information.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSGHJR","label":"IBM Security Identity Governance and Intelligence"},"ARM Category":[{"code":"a8m0z0000001hXBAAY","label":"Identity Governance & Intelligence"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2.6","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
14 August 2020
UID
ibm16255610