Documentation forAccess Rights Manager

Access Rights Manager 2021.4 Release Notes

 

Release date: October 2021

This document was last updated on: September 30, 2021

Download a translated PDF: ARM 2021.4 Release Notes (Versionshinweise, deutsch)

These release notes describe the new features, improvements, and fixed issues in Access Rights Manager 2021.4. They also provide information about upgrades and describe known issues.

If you are looking for previous release notes for Access Rights Manager, see Previous Version documentation.

 

New features and improvements in ARM

Extended Configuration Wizard

With the enhancements in the Configuration Wizard, you are now able to add resources to ARM, manage monitoring or change configurations using the Configuration Wizard. New features, such as filtering for failed scans, make it easier to manage the included resources.

 

New resource view in the web client - analyze permissions as a Data Owner

DataOwners can now view the permissions for the resources they are responsible for in the WebClient. Access to the Windows application is no longer required for this function. Learn more

 

Recertification improvements for data owners

For recertification, DataOwners are shown the changes since the last recertification. This makes the repeated process much more efficient and makes it possible to identify changes that are still pending since the last recertification and to remind them if necessary.

 

Improved scanning performance for distributed file systems (DFS)

For distributed file system scanning, the ability to scan DFS namespaces and also their sites separately via assigned collectors has been added. By splitting, by the possibility to run the scans locally and by the omitted resolution requests to the DFS, the scanning performance is significantly improved.

Configuration for the new DFS scanner is only possible via the new Configuration Wizard.

 

Other improvements

  • The navigation in the web client has been renewed to match the look and feel of other SolarWinds products.

 


New customer installation

Return to top

ARM and Orion Platform products must be installed on separate servers. Note that ARM is not an Orion Platform product.

For information about installing Access Rights Manager see the "ARM Installation Guide" from the Success Center.

How to upgrade

If you are upgrading from a previous version, please refer to the chapter "Perform an update installation" from the Success Center.

The ARM server is renamed from pnServer.exe to armServer.exe. Please note this if you have set up appropriate firewall rules.

 


Fixed issues

Return to top

ARM 2021.4

Case Number Description
789512, 622105, 705962, 779895

Fixed a problem with setting the maximum requestable file server directory depth in GrantMA.

650599 Fixed an issue with OneDrive/SharePoint Online scanning.
750882 Fixed an issue with scanning teams.
753835 An issue with the account view when the number of configured file server scans is very high was fixed.
745370, 777125 An issue with changing permissions on SharePoint Online was fixed.
784559, 785530, 814936 An issue where the installation process hung was fixed.
745330, 767629 A connection issue with RabbitMQ was fixed.
785567 Fixed an issue where under certain circumstances AD logga events were not recorded in the logbook.
761012 Fixed an issue where the Users and Groups report could no longer be generated from the Dashboard.
774319 The StrongAuthicationPhoneAppDetail attribute is now considered by the Azure AD logga. As a result, it is now possible to filter events based on this attribute.
654319 An issue where scans took significantly longer after an update than before has been fixed.
813958 The size of Exchange mailboxes is displayed again.
749300 The possibility to configure the option ReferralChasingOption has been added. This can greatly reduce a possibly long login time in special Active Directory configurations.
805438, 808827, 809901, 806262 Fixed an issue where the Exchange logga caused high RAM usage.
740140, 660047, 533587, 491560 An issue that prevented an existing collector configuration from being deleted has been resolved.
649520 An issue with the Exchange Logga was fixed.
711879 Fixed an issue where FS Logga was consuming too much disk space.
756729, 691513 Fixed an issue where the global search for Exchange Online did not work properly if the initial domain was different from the default domain.
746035, 794265 Fixed an issue where settings in the File Server Change configuration could not be saved persistently.
742907 The LDAP attributes lastLogon and lastLogonTimestamp are now usable in Analyze & Act Scenarios in the web client.
650729, 740571 In the DataOwner configuration, under certain conditions, organizational categories could no longer be created if all organizational categories had previously been deleted.
767811 Under certain conditions, group memberships for nested groups were not correctly displayed during recertification.
775570 A user with a DataOwner role with no assigned resources in the DataOwner configuration, can only see its own account in the ARM applications.
766888 It is now possible to identify the purpose group name if you know the Active Directory name of this group.
764844 Fixed an issue where FS-Logga did not work if the path consisted of only one character.
394904 Removing permissions in the web client has been optimized.
709107 Fixed an issue where under certain conditions the FS logga did not record a folder move action.
756757 Fixed a problem with the Users and Groups report, which contained information that was supposed to be hidden (blacklisted).
746306 When group memberships cannot be created in Azure AD due to group type restrictions, a corresponding error message is now displayed before execution, rather than after an attempted, unsuccessful execution as before.
785179 The security of communication with RabbitMQ has been increased.
788268

When computer objects are added to AD and the AD logga is active, these objects are displayed in the ARM applications. An additional AD scan is no longer required for this.

826382 Fixed an issue with the configuration of Exchange resources where DAGs were not found.
841877 Fixed an issue with scanning PublicFolderClientPermissions and the ForwardingAddress in Exchange.
838345 Assigning group memberships when creating a new user account can now also be done via the WebAPI.
788600 An error in SharePoint scanning was fixed. Changes to SharePoint group memberships were accelerated.
823768 In the Account view, the default view for groups in the right panel has been changed to Parents.
654302 Fixed an issue with notification emails when starting a recertification.
808264 An issue with retrieving events when monitoring Active Directory has been fixed by making it possible to specify a value for a timeout in the configuration files.
790832 A problem with monitoring NetApp file servers has been fixed, so it is now possible to retrieve the events without HTTPS by adjusting the configuration files.
760362 Fixed a problem with very slow login in ARM due to reference chasing in LDAP query.
868393 Fixed a problem with the login.
737499 Fixed an issue with the account selection for actions in the rich client. Account selection can now be saved separately in each application area.

 

 


Known issues

Return to top

User-defined templates
Issue: When using user-defined templates, AccountSearchTextField does not work for manager assignment.
Resolution/Work-around: Use a standard input field or, if possible, a drop-down menu.

 

In Express Setup integrated SQL Express installation
Issue: For ARM Express installation, the built-in SQL Express installation fails if SQL 2017 or later is already present on the server.
Resolution/Work-around: Use the Express installation only on a server that does not already have SQL installed, or use the Advanced installation to use an existing SQL instance.

 

Updating FS Logga components on Windows file servers
Issue: In some cases, automatic or manual updating of FS-Logga components on Windows file servers may fail.
Resolution/Work-around: Start the setup on the Windows file server and select the Repair option. The repair function removes the installation and reinstalls the components.

 

Active Directory accounts not resolved
Issue: In some cases, new installations may experience Active Directory scanning issues when scanning through a collector or ARM server installed on a domain controller (DC). This can result in AD accounts not resolving correctly under these conditions. Existing installations are not affected.
Resolution/Work-around: Install the ARM server or collector service on a different server, not on DCs.

 

Upgrade path

Issue: You may encounter issues when upgrading from version 2019.4 to version 2021.4.

Resolution/Work-around: Perform an interim update with version 2020.2.7. Please refer also to the chapter Perform an update installation.

 

Restart of an expired (out of date) recertification

Issue: If you try to restart an expired recertification, an error message is displayed.

Resolution/Work-around: Go back to the recertifications overview page. There, the previously expired recertification is now correctly displayed as an open session with updated data.

 

Exclude directories from orders

Issue: It is not possible to add more than one directory to the exclude list. This is due to a missing button in the user interface. Existing configurations are not affected.

Resolution/Work-around: There is no work-around. This will be fixed in a future version.

 

Active Directory OUs to be scanned not stored persistently

Issue: The setting of the OUs to be scanned in the Configuration Wizard is not saved persistently. By restarting the ARM service, the setting is lost and all OUs are scanned again.

Resolution/Work-around: The setting of OUs to be scanned in the configuration files of the collectors works as before.

 

SharePoint on-premise selection of elements to be scanned

Issue: In the Configuration Wizard, the selection of items to be scanned from a SharePoint server does not work yet.

Resolution/Work-around: Use the Configuration Application to configure SharePoint scans.

 


CVEs

Return to top

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

CVE-ID Vulnerability title Description Severity Credit

CVE-2021-35227

Insecure Web Configuration for RabbitMQ Management Plugin. The HTTP interface was enabled for RabbitMQ Management Plugin in ARM 2020.2.6 and earlier. The ability to configure HTTPS was not available. Medium Chris Townsend

 


End of life

Return to top

With the release of ARM version 2021.4, the following versions of ARM are no longer supported:

  • ARM 9.2

 

See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.

 


End of support

Return to top

This version of Access Rights Manager no longer supports the following platforms and features.

Typ Details
Operating system

Windows Vista

Operating system Windows 7
Microsoft application

Exchange 2010

Microsoft application SharePoint 2010

 


Deprecation notices

Return to top

This version of Access Rights Manager deprecates the following platforms and features.

Deprecated platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features. Customizations applied to a deprecated feature might not be migrated if a new feature replaces the deprecated one.

Type Deprecation

Windows 8.x

The operating system is considered deprecated for the ARM applications as of this version. Although you can still install ARM applications on Windows 8.x, this operating system version is outdated and will not be supported in future versions of ARM. It is possible that problems caused by the deprecated operating system version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your operating systems at your earliest convenience.

Windows Server 2012 / 2012 R2 The operating system is considered deprecated for the ARM applications as of this version. Although you can still install ARM applications on Windows Server 2012 / 2012 R2, this operating system version is outdated and will not be supported in future versions of ARM. It is possible that problems caused by the deprecated operating system version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your operating systems at your earliest convenience.
SQL Server 2012

SQL Server 2012 is considered deprecated as of this version. Although you can still use ARM with SQL Server 2012, this SQL Server version is deprecated and will no longer be supported in future versions of ARM. It is possible that problems caused by the deprecated SQL Server version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your systems at your earliest convenience.

SQL Server 2014 SQL Server 2014 is considered deprecated as of this version. Although you can still use ARM with SQL Server 2014, this SQL Server version is deprecated and will no longer be supported in future versions of ARM. It is possible that problems caused by the deprecated SQL Server version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your systems at your earliest convenience.

 


Legal notices

Return to top

© 2021 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.