Documentation forAccess Rights Manager

Access Rights Manager 2021.4 release notes

Release date: October 2021

Latest service release: February 2022, 2021.4.2

These release notes were last updated on February 15, 2022.

Download a translated PDF: ARM 2021.4 Release Notes (Versionshinweise, deutsch)

These release notes describe the new features, improvements, and fixed issues in Access Rights Manager 2021.4. They also provide information about upgrades and describe known issues.

If you are looking for previous release notes for Access Rights Manager, see Previous Version documentation.

New features and improvements in ARM

Extended Configuration Wizard

With the enhancements in the Configuration Wizard, you are now able to add resources to ARM, manage monitoring or change configurations using the Configuration Wizard. New features, such as filtering for failed scans, make it easier to manage the included resources.

New resource view in the web client - analyze permissions as a Data Owner

DataOwners can now view the permissions for the resources they are responsible for in the WebClient. Access to the Windows application is no longer required for this function. Learn more

Improvements for data owners

Recertification

For recertification, DataOwners are shown the changes since the last recertification. This makes the repeated process much more efficient and makes it possible to identify changes that are still pending since the last recertification and to remind them if necessary.

Configuration

Changed behavior for ARM users who have a Change role assigned and have no resources assigned in the Data Owner configuration. Previous behavior: The user could see and modify all resources in ARM. New behavior: The ARM user can only see information about their own account. Resources must now be explicitly assigned in the data owner configuration, as well as the right to modify.

Improved scanning performance for distributed file systems (DFS)

For distributed file system scanning, the ability to scan DFS namespaces and also their sites separately via assigned collectors has been added. By splitting, by the possibility to run the scans locally and by the omitted resolution requests to the DFS, the scanning performance is significantly improved.

Configuration for the new DFS scanner is only possible via the new Configuration Wizard.

Other improvements

  • The navigation in the web client has been renewed to match the look and feel of other SolarWinds products.

Return to top


New customer installation

ARM and Orion Platform products must be installed on separate servers. Note that ARM is not an Orion Platform product.

For information about installing Access Rights Manager see the "ARM Installation Guide" from the Success Center.

How to upgrade

If you are upgrading from a previous version, please refer to the chapter "Perform an update installation" from the Success Center.

The ARM server is renamed from pnServer.exe to armServer.exe. Please note this if you have set up appropriate firewall rules.

Return to top


Fixed issues

Case Number Description
789512, 622105, 705962, 779895

Fixed a problem with setting the maximum requestable file server directory depth in GrantMA.

650599 Fixed an issue with OneDrive/SharePoint Online scanning.
750882 Fixed an issue with scanning teams.
753835 An issue with the account view when the number of configured file server scans is very high was fixed.
745370, 777125 An issue with changing permissions on SharePoint Online was fixed.
784559, 785530, 814936 An issue where the installation process hung was fixed.
745330, 767629 A connection issue with RabbitMQ was fixed.
785567 Fixed an issue where under certain circumstances AD logga events were not recorded in the logbook.
761012 Fixed an issue where the Users and Groups report could no longer be generated from the Dashboard.
774319 The StrongAuthicationPhoneAppDetail attribute is now considered by the Azure AD logga. As a result, it is now possible to filter events based on this attribute.
654319 An issue where scans took significantly longer after an update than before has been fixed.
813958 The size of Exchange mailboxes is displayed again.
749300 The possibility to configure the option ReferralChasingOption has been added. This can greatly reduce a possibly long login time in special Active Directory configurations.
805438, 808827, 809901, 806262 Fixed an issue where the Exchange logga caused high RAM usage.
740140, 660047, 533587, 491560 An issue that prevented an existing collector configuration from being deleted has been resolved.
649520 An issue with the Exchange Logga was fixed.
711879 Fixed an issue where FS Logga was consuming too much disk space.
756729, 691513 Fixed an issue where the global search for Exchange Online did not work properly if the initial domain was different from the default domain.
746035, 794265 Fixed an issue where settings in the File Server Change configuration could not be saved persistently.
742907 The LDAP attributes lastLogon and lastLogonTimestamp are now usable in Analyze & Act Scenarios in the web client.
650729, 740571 In the DataOwner configuration, under certain conditions, organizational categories could no longer be created if all organizational categories had previously been deleted.
767811 Under certain conditions, group memberships for nested groups were not correctly displayed during recertification.
775570 A user with a DataOwner role with no assigned resources in the DataOwner configuration, can only see its own account in the ARM applications.
766888 It is now possible to identify the purpose group name if you know the Active Directory name of this group.
764844 Fixed an issue where FS-Logga did not work if the path consisted of only one character.
394904 Removing permissions in the web client has been optimized.
709107 Fixed an issue where under certain conditions the FS logga did not record a folder move action.
756757 Fixed a problem with the Users and Groups report, which contained information that was supposed to be hidden (blacklisted).
746306 When group memberships cannot be created in Azure AD due to group type restrictions, a corresponding error message is now displayed before execution, rather than after an attempted, unsuccessful execution as before.
785179 The security of communication with RabbitMQ has been increased.
788268

When computer objects are added to AD and the AD logga is active, these objects are displayed in the ARM applications. An additional AD scan is no longer required for this.

826382 Fixed an issue with the configuration of Exchange resources where DAGs were not found.
841877 Fixed an issue with scanning PublicFolderClientPermissions and the ForwardingAddress in Exchange.
838345 Assigning group memberships when creating a new user account can now also be done via the WebAPI.
788600 An error in SharePoint scanning was fixed. Changes to SharePoint group memberships were accelerated.
823768 In the Account view, the default view for groups in the right panel has been changed to Parents.
654302 Fixed an issue with notification emails when starting a recertification.
808264 An issue with retrieving events when monitoring Active Directory has been fixed by making it possible to specify a value for a timeout in the configuration files.
790832 A problem with monitoring NetApp file servers has been fixed, so it is now possible to retrieve the events without HTTPS by adjusting the configuration files.
760362 Fixed a problem with very slow login in ARM due to reference chasing in LDAP query.
868393 Fixed a problem with the login.
737499 Fixed an issue with the account selection for actions in the rich client. Account selection can now be saved separately in each application area.

Return to top

2021.4.1 Service release, November 2021

The 2017 SQL Express version previously included in Express Setup has been replaced by the 2019 version. Thus, installation of ARM with the Express installation is possible only on Windows Server 2016 or later.

Case Number Description
- Fixed an issue with the web client where the activation date could not be set.
757758 An issue with the login to the ARM applications was fixed.
917792 An issue with the WebAPI was fixed.
906726 Fixed a performance issue that occurred when changing configurations.
916184 Fixed an issue with the ordering process in GrantMA where an approver could no longer modify a request.
930146, 911970 Fixed an issue with Single Sign On (SSO) in the web client.
842830 Entering multiple folders that are not allowed to be ordered in GrantMA is now possible again.
- The setting for filtering an AD scan to specific OUs in the Configuration Wizard is now saved permanently.
913086, 921919, 922135, 927890 An issue with sending notification emails when changing the data owner configuration was fixed.

2021.4.2 Service release, February 2022

Case Number Description
942498 Fixed an issue with FS Logga that flooded the log with error messages.
939193, 940392, 953348 A problem with the ARM service startup has been fixed. The problem occurred only when processing scan data from a distributed DFS scan.
931901 An issue where a complete SharePoint scan failed even though only the permissions for a part of the sites to be scanned were missing.
941185 Fixed an issue where a script could not be executed after a triggered alert.

Return to top


Known issues

Return to top

User-defined templates
Issue: When using user-defined templates, AccountSearchTextField does not work for manager assignment.
Resolution/Work-around: Use a standard input field or, if possible, a drop-down menu.

 

Updating FS Logga components on Windows file servers
Issue: In some cases, automatic or manual updating of FS-Logga components on Windows file servers may fail.
Resolution/Work-around: Start the setup on the Windows file server and select the Repair option. The repair function removes the installation and reinstalls the components.

 

Active Directory accounts not resolved
Issue: In some cases, new installations may experience Active Directory scanning issues when scanning through a collector or ARM server installed on a domain controller (DC). This can result in AD accounts not resolving correctly under these conditions. Existing installations are not affected.
Resolution/Work-around: Install the ARM server or collector service on a different server, not on DCs.

 

Upgrade path

Issue: You may encounter issues when upgrading from version 2019.4 to version 2021.4.

Resolution/Work-around: Perform an interim update with version 2020.2.7. Please refer also to the chapter Perform an update installation.

 

SharePoint on-premise selection of elements to be scanned

Issue: In the Configuration Wizard, the selection of items to be scanned from a SharePoint server does not work yet.

Resolution/Work-around: Use the Configuration Application to configure SharePoint scans.

 

Configure multiple Microsoft 365 resources in Configuration Wizard in one go
Issue: Adding multiple Microsoft 365 resources in one go in Configuration Wizard will lead to a problem in completing the wizard.
Resolution/Work-around: Select only one Microsoft 365 resource per pass.

 

Configure file server monitoring in Configuration Wizard
Issue: After adding file server monitoring using the configuration wizard, monitoring should be enabled by default. This is sporadically not the case.
Resolution/Work-around: Use the old configuration application to enable file server monitoring, if necessary.

Return to top


CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

CVE-ID Vulnerability title Description Severity Credit

CVE-2021-35227

Insecure Web Configuration for RabbitMQ Management Plugin. The HTTP interface was enabled for RabbitMQ Management Plugin in ARM 2020.2.6 and earlier. The ability to configure HTTPS was not available. Medium Chris Townsend

Return to top


End of life

Return to top

With the release of ARM version 2021.4, the following versions of ARM are no longer supported:

  • ARM 9.2

See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier ARM versions, see ARM release history.

Return to top


End of support

This version of Access Rights Manager no longer supports the following platforms and features.

Platform / Feature Details
Operating system

Windows Vista

Operating system Windows 7
Microsoft application

Exchange 2010

Microsoft application SharePoint 2010

Return to top


Deprecation notices

Return to top

This version of Access Rights Manager deprecates the following platforms and features.

Deprecated platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features. Customizations applied to a deprecated feature might not be migrated if a new feature replaces the deprecated one.

Type Deprecation

Windows 8.x

The operating system is considered deprecated for the ARM applications as of this version. Although you can still install ARM applications on Windows 8.x, this operating system version is outdated and will not be supported in future versions of ARM. It is possible that problems caused by the deprecated operating system version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your operating systems at your earliest convenience.

Windows Server 2012 / 2012 R2 The operating system is considered deprecated for the ARM applications as of this version. Although you can still install ARM applications on Windows Server 2012 / 2012 R2, this operating system version is outdated and will not be supported in future versions of ARM. It is possible that problems caused by the deprecated operating system version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your operating systems at your earliest convenience.
SQL Server 2012

SQL Server 2012 is considered deprecated as of this version. Although you can still use ARM with SQL Server 2012, this SQL Server version is deprecated and will no longer be supported in future versions of ARM. It is possible that problems caused by the deprecated SQL Server version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your systems at your earliest convenience.

SQL Server 2014 SQL Server 2014 is considered deprecated as of this version. Although you can still use ARM with SQL Server 2014, this SQL Server version is deprecated and will no longer be supported in future versions of ARM. It is possible that problems caused by the deprecated SQL Server version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your systems at your earliest convenience.

 


Legal notices

Return to top

© 2021 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.