Versions Compared

Old Version 26

changes.mady.by.user Dev Raj Gautam

Saved on

compared with

New Version 27

changes.mady.by.user Dev Raj Gautam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning

Please note that these release notes are for a future release and are currently in progress. The information contained within may change before the final release. As such, the final release notes will be prepared closer to the official launch date.

Sep 16- Sep 20

Resource Admin

  • Reverted the workflow for non-Azure app eligibility from ManageApplicationWizard to ManageNonAzureAppWizardWF, ensuring that users can now load the correct workflow for non-Azure applications. This fix was implemented based on customer feedback to improve eligibility handling.

Workflows

  • Implemented enhancements for the OnboardMailbox workflow, including adding a popup grid search for the Responsible Party and introducing IsRequired parameters for Responsible Party, Owner, and Deputy fields. The lookup now targets a more flexible configuration, allowing customization for the desired audience. Adjustments were made to use GetSearchAdvanced for Owner selection, enhancing accuracy in the selection process. These updates improve the onboarding experience for mailboxes.

  • Implemented a fix in the "ManageAzLocalRoleWizard" to support the "Edit IAM Shop Settings" action, allowing for managing single local roles. Adjustments include flagging the local role as requestable and assigning access request policies and eligibility. This update enhances the UI control for access checks, ensuring the settings align with user requirements.

  • Introduced a feature to add custom validation in the OnboardApplication Segment Workflow, specifically for the TCP and UDP port range repeater sections. This enhancement ensures that users must enter values in either the TCP or UDP ports, preventing form submission if both sections are left empty. If neither section contains input, users will receive prompts to provide necessary port information before proceeding.

  • Introduced a new feature in the ManageApplicationWizard to enable IAM Shop settings for single selection. This update includes adding the WizardAction property and the functionality for IsWizardBack in the ManageLocalRightRoleIAMShopSettings activity, aligning with the current design requirements. The workflow has been upgraded to meet the latest standards, incorporating skip rules and back navigation steps. This enhancement allows for the contextual and non-contextual editing of IAM Shop settings for individual applications.

Performance Enhancements

  • Updated the AssignResourceToAccessRequestPolicyOperation to call an optimized update method, Custom_Resource_UpdateAccessRequestPolicies, instead of the Resource_Update method. This change significantly improves performance and prevents timeouts in client production environments. The update impacts multiple workflows, including CreateAzureApplication, OnboardMailbox, OnboardGroup, ManageGroupWizard, and others, ensuring more efficient handling of access request policy operations.

  • A feature to implement the GetAllCached method for Nation retrieval, enhancing performance, has been added.

Resolved Issues & UI Fixes

  • Updated the OracleHCMMicroservice to retrieve the HasMore flag from the API. This fix addresses the issue where HCM accounts and persons were not reactivated when a future ValidUntil date was sent. The enhancement enables pagination by allowing the retrieval of subsequent pages.

  • Resolved a UI overlap issue by fixing the alignment and position of hide/show buttons in the Business and Location domains. This bug was particularly noticeable when accessing the Role and Location Mapper and clicking the Map selected to new button without any selection, causing text to overlay in the classification section and an unclickable button to appear near the save button.

  • Introduced a feature to add custom validation in the OnboardApplication Segment Workflow, specifically for the TCP and UDP port range repeater sections. This enhancement ensures that users must enter values in the TCP or UDP ports, preventing form submission if both sections are left empty. If neither section contains input, users will receive prompts to provide necessary port information before proceeding.

  • Implemented a usability fix for the IT Shop, where users requesting an App Role or Right will now see existing assignments highlighted. When a user clicks on an App Right, Role Definition, or App Management Roles, an info icon will display a message prompting them to check their previous assignments. This enhancement aims to improve user experience by making it clearer when roles or rights are already assigned.

  • Resolved an issue where the application would crash when users attempted to make a bulk decision for items. Previously, users encountered a blank screen with errors instead of successfully saving their decisions when increasing the number of items in the list to twenty-five or more and selecting Decide All. This fix ensures that bulk decisions are processed correctly, regardless of the individual decisions for items on the screen.

Sep 2 - Sep 13

Microservices

  • Major upgrade transitions all microservices from .NET 6.0 to .NET 8.0. The update addresses the upcoming end-of-support for .NET 6.0, ensuring continued security and support by leveraging the latest .NET framework enhancements. This upgrade does not affect current functionality or performance but is crucial for maintaining future compatibility and receiving ongoing support.

...

  • A security fix has been implemented for the PSM session to ensure that the Session Events tab is only visible to users with the appropriate access. This update prevents unauthorized access by hiding the tab for users without the required permissions.

  • The issue causing a 500 error in the PSM workflow when connecting to a Linux computer via SSH key credentials has been resolved. Previously, the workflow failed if the credentials had an invalid or null account. With this fix, users can connect successfully even if the credential does not have an account.

Workflows

  • Changes were made to the ProcessAccountInboxBulk workflow to prevent the insertion of duplicate AttributeInboxes when AccountJoined and AccountsProvisioned are not cleared on subsequent runs. This fix addresses the issue of creating duplicate entries after the joiner process or the provision of a person is completed.

  • Updated the ManageAzFieldType workflow by handling the ApplicationResourceID in SelectedResourceID and upgrading the workflow to a wizard flow. This includes a new step to select the application first and improved navigation. The enhancement includes a more intuitive workflow with back-and-forth navigation options.

...

  • A fix has been implemented to address an issue with the RemoveGroupsFromGroupMembershipBulkOperation, where nested groups were causing a "Key not present in the dictionary" error during fulfillment. The update includes modifications to ensure that member groups are added to the GroupDictionary, resolve the issue, and prevent errors related to missing keys. This fix will ensure smoother operation without impacting the current setup.

Workflows

  • A new feature has been introduced to enhance the management of roles by adding a form that allows users to update various attributes of a management role. This enhancement will be utilized by all workflows that include the EditManagementRoleOperation activity, ensuring a more consistent and effective management process across the system. The new form supports the following operations: Enable Requestable, Disable Requestable, Edit Description, Edit FriendlyName, Edit Instructions, Edit Custom Attributes, Edit Extension Attributes, Edit Email, and Edit KeyEntryInstructionsName. This update aims to streamline the process and improve functionality by replacing individual operations with a more efficient RBACObjectAttribute and ResourceTypeOperation mapping approach.

  • A fix has been implemented to address an issue with the RemoveGroupsFromGroupMembershipBulkOperation, where nested groups were causing a Key not present in the dictionary error during fulfillment. The update includes modifications to ensure that member groups are added to the GroupDictionary, resolve the issue, and prevent errors related to missing keys. This fix will ensure smoother operation without impacting current setups.

  • A new feature has been introduced in the workflow MassMaintainenceManagemetRoleWF to allow users to import approvers by adding Approvers in the CSV file column. This enhancement enables the inclusion of approvers' data during the import process. The feature is designed to simplify the management of approvers and ensure they are properly imported with the necessary data. This update provides users with greater flexibility in handling approver information.

  • A new feature has been added to enhance the flexibility of configuring access request policies. Users can now set access request policy selection as either optional or required across various workflows. This feature was requested to allow different clients to tailor the policy settings according to their specific needs. Modified workflows are ManageAzLocalRightWizard, ManageAzLocalRoleWizard, ManageAzureAppRoleWizard, ManageAzureAppWizard, ManageCredentialWizard, ManageGroupWizard, ManageManagementRoleWizard, ManageComputerWizard.

...

  • In the IAMShop application, a new feature has been added to improve the user experience when requesting access to applications. A Select All button has been implemented for multi-select FieldType controls, specifically for the MultiSelectCheckBoxList field type. This enhancement allows users to select all values associated with a FieldType in one action, streamlining the selection process and reducing manual entry time. Additionally, functionality has been added to force users to select at least one value when the EnforceFieldTypeSelection flag is true, and the isFieldTypes flag is also true. This will prevent users from adding to the cart without meeting the selection criteria. The EnforceFieldTypeSelection flag is available in OnboardAzLocalRight WF advanced settings.

  • A new feature has been introduced to display deputies for App Rights and Role Definitions based on configurable ResourceTypeRoles. The configuration is managed via the ResourceSystemConfigSetting with the name ResAdminDeputiesResourceTypeRolesIds, where you can define the ResourceType and its associated ResourceTypeRoleID for deputies. This update lets you see deputies assigned to App Rights and Role Definitions according to the configured ResourceTypeRoles.

Workflows

  • The MassMaintenancePersonManagementRoleWF workflow has been enhanced to support additional parameters in CSV uploads for managing role memberships. The new fields include ValidFrom, ValidTo, and Justification. The ValidFrom and ValidTo fields manage time constraints, while the Justification field will be recorded in the audit log for both the management role and the person. Existing fields such as the management role name, person login or GUID, and actions like Add and Delete were already incorporated.

  • The OnboardAzLocalRole workflow has been enhanced to include the capability to set the PBAC Approval Right with a dropdown menu on the form. This enhancement provides additional functionality and better visibility options for PBAC Approval Rights.

  • Multiple UX functionality has been introduced for the ManageApplicationWizard.

    • The PBAC App checkbox and associated controls have been removed from the form.

    • The description field has been updated to a multiline format.

    • Help text has been added for the authorization model and checkboxes.

    • Additionally, the Cancel button has been renamed to Back, and issues with Back and Next steps have been fixed.

    • The Edit App Settings list data item value has been renamed to Edit Application Settings.

    • Missing labels, including those for managing application settings, rights, roles, and help texts, have been added.

  • New functionality has been added to the ManageAzLocalRoleWizard workflow:

    • New Action: Added Edit Role Definitions Settings to Multi Actions with a disclaimer indicating that changes affect all selected role definitions.

    • PBAC Approval Right: Added a dropdown similar to the OnboardAzLocalRight workflow, with changes applied only upon selection.

    • Visibility Control: Introduced Multi_PBACApprovalRight_IsVisible to control field visibility in multi-action cases.

    • Field Population: Ensured that the selected AzLocalRightID was populated in the AzLocalRole table’s ApprovalAzLocalRightID column.

    • Single Action: Added Edit Role Definition Settings to Single Actions, including a form to edit Name, Friendly Name, Description, Instructions, and PBAC Approval Right dropdown.

    • New Menu Items: New items for Multi Actions and Single Actions were added in the ManageAzLocalRoleWizard.

    • Included changes from Manage IAM shop multi-settings and a bug fix related to the approval flow policy.

  • Multiple enhancements have been introduced in the ManageAzLocalRightWizard workflow:

    • Local Right Settings for Multiple Selection: Added the capability to configure local right settings when multiple rights are selected simultaneously.

    • Edit Owners and Deputies for Multiple Rights: The wizard now includes the option to edit owners and deputies for multiple local rights.

    • EnforceFieldTypeSelection: Added the EnforceFieldTypeSelection field for both single and multiple selection scenarios.

    • Deprecation of "Assign Responsible Party": Deprecated the "Assign Responsible Party" action for multi-selection, streamlining the process.

    • These updates enhance the flexibility and functionality of the ManageAzLocalRightWizard, allowing for more efficient management of local rights.

...

  • A fix has been implemented to improve the detection and suppression of XSS (Cross-Site Scripting) attacks on the Query (also known as Set) details page. This update enhances the security of the Queries (Sets) functionality by strengthening measures to prevent the injection of potentially harmful scripts. As a result, the application is better protected against security vulnerabilities related to XSS attacks.

Workflows

  • A fix has been implemented for the Management Role Grant Access business request item. The update corrects the handling of management role access by ensuring it is categorized under Grant Access rather than as a member. This fix applies to the CreateBRManagementRoleOnboarding activity and the onboardManagementRoleApproval workflow, resolving the issue and improving request processing accuracy.

...