This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with business role detections

Hi,

Running Identity Governance 3.6.1 on SLES 15.1. MSSQL 19.

We have an issue with Business role detection. My understanding is that business role detection for "All business roles" should be triggered after publishing identities/applications, but that isn't happening for us. 

We have also tried to trigger a business role detection by creating and deleting technical roles without any luck.

If we publish or edit a business role it is detected correctly. Detection types "Eval Date Formulas" and "Check Expirations" seem to run correctly.

I don't see any errors in catalina.21-xx-xx.log. But in catalina.out I see this related to business role detection:

"pool-BusinessRoleDetectionService-1-thread-1" #389 daemon prio=5 os_prio=0 tid=0x00007f4bb4026800 nid=0x4eab waiting on condition [0x00007f4ba412b000] java.lang.Thread.State: WAITING (parking) at sun.misc.Unsafe.park(Native Method) - parking to wait for <0x00000000c6ac8fa0> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject) at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175) at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2044) at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:1081) at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:809) at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1074) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1134) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)


We have a number of business roles with auto-grant and auto-revoke permissions so it's important for us to get this working. Any advice on how to troubleshoot this would be appreciated.

  • 0  

    Greetings,
         Please be advised that MS SQL 2019 is not supported with ID Gov 3.6.1. The required version is MS SQL 2017. I would suggest that you open a Service Request with Support and reference this topic.

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    Micro Focus

  • 0 in reply to   

    Hey There. Experiencing the same problem after upgrading IG from 3.7 to 3.7.3 on Linux running SQL 2019. Please share what solution worked for your environment.    

  • 0 in reply to 

    Hi

    We have IGA 3.7 running on RHEL 8.6 connecting to MS SQL 2019 (15.0.4312.2 ) using the following jdbc driver (mssql-jdbc-9.4.1.jre8.jar). We have around 170 business roles. My experience is that the business role evaluation runs every hour on the hour. We have no issues with auto-grant and auto-remove. I do check the inconsistencies weekly and there are usually 10 or so that needs to be fixed. Hope this helps a bit.

  • 0

    We are running IG 3.7.3 on a postgresql 12.7 backend and have the same issue.  Business roles are not doing any detections for quite some time now and I cannot get it to run them without changing each individual business role to force a re-evaluation.

  • 0   in reply to 

    Greetings Robert,
            Please be advised that Postgres 12.x is not Certified nor Supported with any version of Identity Governance. ID Gov 3.7.3 is Certified and Supports on Postgres 11.x


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • 0 in reply to   

    My mistake, IDM is the 12.x DB, this is running on 11.x