Identity Manager Roles and Task XML contain object="UNKNOWN"

book

Article ID: 4080

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Inspecting RoleDefinitions.xml might reveal UNKNOKWN object for different endpoints screens - such as

<Screen name="Default Active Directory Primary Group Endpoint Capability Search" tag="DefaultActiveDirectoryPrimaryGroupEndpointCapabilitySearch" screendefinition="EndpointCapabilitySearch" object="UNKNOWN">

 

Cause

Seeing object="UNKNOWN" is usually caused by JAR files (for Custom / DYN endpoints) which have been removed from Identity Manager - however the associated screens and tasks were left behind.

Another occurrence when we might see object="UNKNOWN" is after an upgrade from any IM 12.5 Pre-SP7 release level to IM 12.5 Post-SP7 release level. This is due to changes made on SP7 and onwards releases which causes the initial object name to change and therefore become obsolete.

Environment

IM 12.5 SPxIM 12.6 SPx

Resolution

If the screen(s) associated with the UNKNOWN object is related to a Custom Endpoint, the recommendation is to place the missing JAR back, then delete the associated Tasks and Screens related to that Endpoint and only then remove the JAR.

If the screen(s) associated with the UNKNOWN object is related to any Original Endpoint (Active Directory, CA Access Control etc), as a result of an upgrade from Pre SP7 to any Post SP7, the recommendation is to delete all screens set with object="UNKNOWN" so these are not migrated between Environments.

For this use case, please be aware that the only way to permanently remove the screens associated with object="UNKNOWN" is by exporting the environment, delete it and then recreate an environment after you have removed those screens from the RoleDefinitions.XML.

There is no way to completely remove these screens from an existing environment.