This document contains the release notes for IBM® Workplace™ for
Business Controls and Reporting, Version 2.5. The release notes
describe late changes and known defects, and provide workarounds
where possible.
Late changes:
Known defects:
Changes to default
roles
When WBCR is installed, the Access Manager creates
a set of default roles. These defaults provide initial functionality and
backward compatibility with previous versions of WBCR. The role
definitions provide a similar user experience to that of versions
1.x and 2.0.x.
The list of roles in the user Help for the
Access Manager portlet is not up to date. Here is the updated list
of default WBCR roles:
- Organization Owner
= {(Edit, Organization) (Edit, Process) (Edit, Subprocess) (Edit,
Objective) (Edit, Risk) (Edit, Control) (Edit, ControlObservation)
(Edit, ControlEvaluation) (View, AuditorObservation) (Edit, Procedure)
(Edit, Sample) (Edit, Certification) (Edit, ACL) (Edit, ChildNodes)}
- Organization Helper = {(Edit, Organization) (Edit, Process)
(Edit, Subprocess) (Edit, Objective) (Edit, Risk) (Edit, Control)
(Edit, ControlObservation) (Edit, ControlEvaluation) (View, AuditorObservation)
(Edit, Procedure) (Edit, Sample) (Edit, Certification) (Edit, ACL)
(Edit, ChildNodes)}
- Process Owner = {(View, Organization) (Edit, Process) (Edit,
Subprocess) (Edit, Objective) (Edit, Risk) (Edit, Control) (Edit,
ControlObservation) (Edit, ControlEvaluation) (View, AuditorObservation)
(Edit, Procedure) (Edit, Sample) (Edit, Certification) (Edit, ACL)
(Edit, ChildNodes)}
- Process Helper = {(View, Organization) (Edit, Process) (Edit,
Subprocess) (Edit, Objective) (Edit, Risk) (Edit, Control) (Edit,
ControlObservation) (Edit, ControlEvaluation) (View, AuditorObservation)
(Edit, Procedure) (Edit, Sample) (Edit, Certification) (Edit, ACL)
(Edit, ChildNodes)}
- Subprocess Owner = {(View, Organization) (View, Process) (Edit,
Subprocess) (Edit, Objective) (Edit, Risk) (Edit, Control) (Edit,
ControlObservation) (Edit, ControlEvaluation) (View, AuditorObservation)
(Edit, Procedure) (Edit, Sample) (Edit, Certification) (Edit, ACL)
(Edit, ChildNodes)}
- Subprocess Helper = {(View, Organization) (View, Process)
(Edit, Subprocess) (Edit, Objective) (Edit, Risk) (Edit, Control)
(Edit, ControlObservation) (Edit, ControlEvaluation) (View, AuditorObservation)
(Edit, Procedure) (Edit, Sample) (Edit, Certification) (Edit, ACL)
(Edit, ChildNodes)}
- Control Owner = {(View, Organization) (View, Process) (View,
Subprocess) (View, Objective) (View, Risk) (Edit, Control) (Edit,
Procedure) (Edit, Sample) (Edit, ControlObservation) (Edit, ControlEvaluation)
(View, AuditorObservation) (Edit, Certification) (Edit, ACL) (Edit,
ChildNodes) (Edit, ControlImpact) (Edit, KeyControl) (Edit, ControlFreq)
(Edit, ControlNextEval)}
- Control Helper = {(View, Organization) (View, Process) (View,
Subprocess) (View, Objective) (View, Risk) (Edit, Control) (Edit,
Procedure) (Edit, Sample) (Edit, ControlObservation) (Edit, ControlEvaluation)
(View, AuditorObservation) (Edit, Certification) (Edit, ACL) (Edit,
ChildNodes) (Edit, ControlImpact) (Edit, KeyControl) (Edit, ControlFreq)
(Edit, ControlNextEval)}
- Procedure Owner = {(View, Organization) (View, Process) (View,
Subprocess) (View, Objective) (View, Risk) (View, Control) (View,
ControlObservation) (View, ControlEvaluation) (View, AuditorObservation)
(Edit, Procedure) (Edit, ACL) (Edit, ChildNodes) (Edit, Sample)}
- Procedure Helper = {(View, Organization) (View, Process) (View,
Subprocess) (View, Objective) (View, Risk) (View, Control) (View,
ControlObservation) (View, ControlEvaluation) (View, AuditorObservation)
(Edit, Procedure) (Edit, ACL) (Edit, ChildNodes) (Edit, Sample)}
- Auditor = {(View, Organization) (View, Finance) (View, Process)
(View, Subprocess) (View, Objective) (View, Risk) (View, Control)
(View, ControlObservation) (Edit, AuditorObservation) (View, ControlEvaluation)
(View, Procedure) (View, Sample)}
- Finance Owner = {(Edit, Finance)}
- Administrator = {(Edit, Configuration) (Edit, Finance) (Edit,
Organization) (Edit, Process) (Edit, Subprocess) (Edit, Objective)
(Edit, Risk) (Edit, Control) (Edit, ControlObservation) (Edit, ControlEvaluation)
(Edit, AuditorObservation) (Edit, Procedure) (Edit, ACL) (Edit,
Version) (Edit, Import) (Edit, Certification) (Edit, ChildNodes)
(Edit, Sample) (Edit, KeyControl) (Edit ControlImpact) (Edit ControlFreq)
(Edit ControlNextEval)}
Changes to external
views
In order to improve performance, reports are now
run separately against the current set of tables and the history
set, not both simultaneously. Consequently, each of the WBCR external
views (except V_Version and V_Release) now has two variants:
- One corresponds to the current set of tables. Its name is as
before, for example V_Control, and its columns are as currently
documented.
- The other corresponds to the history set of tables. Its name
is as before but with '_History' appended, for example V_Control_History,
and its columns are the same as those for the corresponding current
view.
Change to "Install
WebSphere Portal 5.0.22" InfoCenter instructions
In the
InfoCenter instructions for "Install WebSphere Portal 5.0.22", the
references to the CD versions needed to install on a Windows platform
should include cd1-2. The revised line reads as follows:
Windows®:
You will need the following version 5.0.22 CDs: cd1-1, cd1-2, cd1-7,
cd2, cdSetup.
Notes about Notification
e-mail feature
Following are some important notes regarding
the Notification e-mail feature:
- Notification
can send large numbers of e-mail; caution should be taken when selecting
recipients in the Notification's administration portlet. Operations
like Re-import generate an e-mail for each SOX item, which could
result in the Process or Business owner receiving hundreds of e-mails.
Remember, selecting a Business Unit or Process owner means the owner
may get an e-mail for changes to items below them within that branch;
a branch which could consist of thousands of items.
- At this time, Notification cannot be suspended or turned off
easily; the only way is to deselect all the rules for each tab in
the Notification's administration portlet. An alternative option
would be to have a SMTP server that does not relay mail to the recipients,
and have Notification point to it temporarily for an operation like
re-import. This could only be a temporary solution, because the
unnecessary performance impact of Notification is still using system resources.
- To lessen the impact of Notification e-mails, the mail client
could filter on the subject line or the WBCR Administrator "From"
address, in order to re-direct e-mail to a specific folder or destination.
If you want the Subject line to be more unique, the Customize Label
administration portlet allows for some customization of the e-mail
text. For example, the label key "wbcr.notifications.label.email.subj.prefix"
would be a good candidate for customization (be sure to consider
all the different languages); the administrator "From" e-mail address
would be an even better filter candidate. You may also use this
as a way to redirect e-mail to delegates, since Notification does
not currently support sending e-mails to delegates.
- The Notification feature will send e-mail alerts to recipients
who are selected in the Notification administration portlet, however,
there are no rules that address the addition or deletion of a SOX
item in the Notification administration portlet. Adding and deleting
SOX items are are treated like owner changes; addition is like an
owner add, and deletion is like an owner delete. The exceptions
are:
- Only the owner of a deleted item will get an e-mail, and
only if the deleted item has an owner and the deletion does not
result in the owner be deleted from the WBCR system (for example,
if the owner no longer owns or is a delegate for any SOX item in
the system).
- The owner of a newly created SOX item (if
the item has an owner) will be sent an e-mail in addition to those selected
in the Administrator portlet.
- No e-mail at all will be
sent for Process deletes (and its descendents) if the Process has
been set to Documentation Complete
- Dates and times in the e-mail are based on the server time where
the WBCR portal application is running, not the recipient's local
time. Time stamps in the e-mail are based on the database server
location, and time zones are based on the portal server location;
this could be a problem if the two servers are in different time
zones. In addition, time zone designations are not always unique.
For example, using "Feb 2, 2005 6:20:19 PM CST", the "CST" may be
for the United States, Australia, China, or any other place that
uses CST as a time zone. If this causes problems, then using the
extra e-mail text fields may help to clarify this. Please see the
InfoCenter for more information about these extra text fields.
- The Notification event in the Scheduler Administration portlet
has to be set for Control Evaluations to be enabled. This schedules
a Notification background task to examine the database to see if
any Control Evaluation e-mails need to be sent. The Control Evaluation
is designed to run once a day. To ensure duplicate e-mails are not
sent due to Notification running more than once per day, care should
be taken when changing an existing scheduled time for a Notification
event. The Scheduler does not allow an existing event time to be
changed; a new event with the desired time must be added, and the
old one deleted. Do not delete the old existing event when adding
a new event to change the time; simply cancel the old, existing
event. The canceled event will prevent Notification from running
again if it has already run that day; more than one canceled event
is not needed so all but one canceled event can be deleted. Notification
will not run more than once per day; if there is more than one active
Notification event, only the earlier event will run.
Custom roles
(SPR PYZG67QHXD)
Take care when creating and assigning
custom roles as it is possible to allow a role to add a child node
but not to edit the child node. For example, if a role has BU =
view, Process = Edit, ChildNode = Edit, and all other resource types
set to No Access, it will be possible for a user with that role
to create a subprocess but then be unable to view or edit it.
Field names in
error messages (SPR XYXU67S6BM)
When a user makes an invalid
entry in a field, the resulting error message may identify the field
using its internal name rather than the name displayed in the portlet.
Linkages between
financial documents and Subprocesses (SPR ZNJN67XBWU)
The
enforcement of linkages between financial documents and Subprocesses
is effective only if:
- The Global setting
for Financial Linkage is set to Yes, and
- The Global setting for Show NONE financial statement
Option is set to No.
If
you do not see the enforcement of the financial linkages when you
expect them, go to and
check both of these settings.
Display of new
versions (SPR PYPY6836JU)
For performance reasons, version
information is retrieved only when a portlet is first initialized
for a user session. Therefore, if new versions are created during
a user session, the user must log out and then log back in in order
to see them.
Ignore error
log entry (SPR SGOU683ARQ)
You can ignore the following
exception in the error log. It comes from the Crystal viewer, but
the WBCR report loads correctly.
19159f98 WebGroup E SRVE0026E: [??????????]-[OutputStream already obtained]: java.lang.IllegalStateException: OutputStream already obtained
...
at org.apache.jsp._crystalimagehandler._jspService(_crystalimagehandler.java:100)
Report fails
to open (SPR MCMC684EHG)
Occasionally a report may fail
to open and you will see a message "The report you requested requires
further information". This is an intermittent problem, and you will
usually be able to open the report if you try again after 10 or 15
minutes.
Korean characters
do not display in Chinese environment (SPR PYPY6857UT)
Korean
characters do not display correctly in a Chinese (zh-cn) environment,
even when the character set is set to UTF-8 in .
Newly added risk
does not display (SPR PYPY685C7S)
When you add a risk,
the new risk appears in the navigator under the selected objective.
However, the new risk does not display under other objectives belonging
to the sample subprocess. You must collapse and objective node and
then expand it again in order to see the new risk.
Date 1969-12-31
or 1970-01-01 appears in fiscal year edit page (SPR ZNJN68CAXE)
In
the Fiscal Year portlet, if one or more of the quarter dates is
empty in the database, the empty fields will, as expected, appear
blank on the view page. However, if you click Edit the
display defaults the empty fields to 1969-12-31 or 1970-01-01, the Java™ date
value of 0.
Displaying reports
in the Executive View (SPR HBGO68DGCK)
If you display
a report, such as Evaluation Status Detail, in the Executive View
tab, switch to another tab, and then go back to the Executive View
tab, the previously opened report overrides the detail portlet.
To overcome the problem, click on some other object and then go
back to the detail portlet.
Mail notifications
not sent (SPRs QCHG68FM2F, QCHG68H5TS and QCHG68HDDP)
When
a shared control is changed, mail notifications are sent only to
owners in the tree where the control was created. Owners in other
trees that have just a link to the shared control are not notified.
If
a subprocess is linked to a subcaption, and the subcaption is removed,
a mail is sent saying that the subprocess/subcaption linkage has
been deleted. However, if the subprocess is deleted, no linkage
mail is sent.
If an objective is linked to a risk, and the
objective is deleted, a mail is sent saying that the objective/risk
linkage has been deleted. However, if the risk is deleted, no linkage
mail is sent.
Process can be
viewed without appropriate permission (SPR DWAG68KCMX)
In
some circumstances it is possible for a user to see a process item
in a documentation status report when he or she has no permission
to view or edit the process. For example:
- An administrator
creates a role 'myrole' that has Edit permission
for Organization, and No Access for other resource types.
- The administrator creates a business unit 'mybu'
on the organization tab and assigns 'buowner' as
owner, with role myrole.
- The administrator creates a process, 'buprocess',
for mybu on the documentation tab, with default
owner.
- User buowner logs in.
- On documentation tab, buowner selects the business
unit mybu, but cannot see the process buprocess.
This is the expected behavior.
- On the Report tab, buowner selects the documentation
status link. Here, however, buowner can see both
the business unit mybu and the process buprocess.
Evaluation date
changes if procedure is edited (SPR XYXU68MCSC)
If you
edit a procedure that has been evaluated, for example by changing
its name, the evaluation date changes to the date the edit was made.
This is because evaluation of a procedure is really an edit operation
on the procedure itself, in fact editing its Comment field.
Relogin required
to see Global Settings changes (SPR ZNJN68MCJG)
If you
make changes to Global Settings, the changes will only be visible
if you log out and then log in again. For example, if Financial
Values are visible and you set them to Off, they will remain visible
until you relogin.
Default frequency
of an imported control becomes Daily (SPR KBAN68LLMD)
When
you import a catalog, the default Frequency value for a Control
becomes NONE in DB2®.
However, NONE is not an option in the WBCR dropdown so if you edit
an imported control that has default Frequency, the Frequency value will
change to Daily (even if you did not edit that field).
Navigation tree
not updated (SPR BHYI68PBLL)
In the following cases the
navigation tree is not automatically updated:
- When dis-associating a Shared Control with a Risk.
- When deleting a Shared Control (this affects all Risks that
have an association with this Shared Control).
You can
refresh the tree by collapsing the parent of the affected node.
However, because deleting a shared control can potentially affect
many nodes, the safest way is to collapse the tree from the root
node.
Changes to one's
own ACLs do not take effect immediately (SPR XMZG68QCGT)
If
a user edits a resource and changes his or her own ACLs, the change
may not take immediate effect. In such cases, navigating the tree
will cause the correct access to be reflected.
Names of online
users not highlighted (SPR QCHG68QE23)
In the WBCR display,
the names of users who are online are normally highlighted. If you
click a highlighted name, a menu of messaging options appears. However,
when Active Directory is used as the LDAP server, names of online
users are not highlighted. You can still send messages to such users
by using, for example, IBM Lotus® Instant
Messaging (Sametime®).
Date in English
on Korean report (SPR SSHT68RHDD)
In Korean, the first
time you launch a report, the date on the report appears in English
while the rest of the report is in Korean. To overcome the problem
close the report window, and launch the same report again from portal.
The date corrects itself and displays in Korean.
Error "Maximum
processing time or maximum records limit reached" (SPR ZNJN68TGUP)
If
you see the Crystal error "Maximum processing time or maximum records
limit reached", you must increase the Crystal server's record limit
in order for reports to run. On the Crystal server's Properties panel,
increase the value of the Records limited to setting.
The value will depend on your setup. For example, try increasing
the default of 20,000 to 40,000. To do this:
- Open
the Crystal Management Console.
- Select Server from the Organize tab.
- Select the Crystal Page Server.
- On the Properties tab, increase the value
of Records limited to to 40000.
- Click Update.
- Click Servers in the bread-crumb trail.
- Select RAS.
- On the Database tab, increase the Records
limited to value to 40000.
Important: Keep
increasing the number until the error goes away. If the maximum
number (2147483648) is reached, and the error still has not gone
away, change the setting to "Unlimited". Be aware, however, that
once you change the setting to "Unlimited", this can cause a bottleneck
with your other CE services. Wait for the report to load instead
of clicking the Preview button again, as this will cause the Crystal
server to become even slower, with the additional database hits.
Failure to save
report as PDF (SPR XYXU68TJ3E)
In order to export reports
to PDF when dealing with large data sets, you may need to increase
the value of Maximum Cache Size Allowed on
the Crystal cache server's Properties panel
from 5000 to 50000 KB. To do this:
- Open
the Crystal Management Console.
- Select Server from the Organize tab.
- Select Cache Server.
- On the Properties tab, increase the value
of Maximum cache size allowed to 50000.
- Click Update.
Error after saving
a report as PDF (SPR KBAN68THUR)
A JavaScript™ runtime
error occurs if you open a report, save it as a PDF file, and then,
once the save is complete, switch to another report page. To avoid
the problem, after exporting the report to PDF, refresh the page
before navigating to the next report page.
Error opening
or using reports (SPR CWUU68SW3A)
You may see occasional
errors when opening or working on reports. These are caused by Crystal
intermittently requesting report parameters, and are a consequence
of unsynchronized system clocks and/or WebSphere® Application Server's
LTPA token timeout setting. To reduce the occurrence of such errors
make sure that system clocks are synchronized, and consider increasing
the LTPA timeout value.
Make sure the system clocks for all
servers (Portal, Crystal, DB2), and any client connected to the
Portal, are synchronized. Each machine can use its local locale,
but the clock must but synchronized. For example:
- Portal
in Westford, MA: System clock is 8:00am
- Crystal in UK: System clock should be 1:00pm
- Db2 in Cambridge, MA: System clock should be 8:00am
- Client in Shanghai: System clock should be 9:00pm
As
time passes after synchronization, clocks will become unsynchronized
again because different machines' system clocks do not run at exactly
the same speed. Ideally, to minimize errors, synchronize the system
clocks every cycle of the LTPA token time out period. All machines
that generate LTPA token requests and check the token need to be synchronized.
Before
increasing the LTPA token expiration you will need to consider your
company's security policies. Large values are not recommended on
systems with sensitive data. To increase the LTPA token expiration
value:
- Connect to the WebSphere Administration
Console.
- If you receive a security alert, click Yes to
accept the certificate.
- At the login screen enter the administration account and password.
- Click Security to expand the available
options.
- Click Authentication Mechanisms.
- Click LTPA to display the options.
- Modify the value in the Timeout field.
- Click Apply.
- When the message box appears, click Save.
- When the Save to Master Configuration dialog
box appears, click Save.
- Logout and restart WebSphere Portal.
Dates displayed
in US format (SPR CWUU68UKBV)
Dates in user-editable
fields display in US format, mm/dd/yyyy, even if the correct format
for your locale is different. If you enter or change a date by typing
directly into the field you must use the US format. To avoid this,
click the calendar icon next to the field and select the date from
the calendar.
Objects not displayed
after customizing a label (SPR XYXU68ZAMF)
If you use
the label manager to customize wbcr.control.observation.label.impact or wbcr.orgunit.label.scope for
a report in one locale, and then view the report in another locale,
objects associated with the new label will not be displayed. To
overcome the problem, you must add the label to each locale separately.
Only if the label is added to the locale where the report will be
viewed, will the relevant objects be displayed.
"Unknown" displayed
in audit trail (SPR XYXU68WEVX)
This is a current limitation
for the audit trail of linkages. WBCR relies on the eixstence of
objects in order to display their names. However, if the objects
have been deleted from the version that the user is viewing, then
the names cannot be obtained. In such cases the text "Unknown" is
used.
Japanese text
overlaps text in other fields (SPR QCHG68YCQK)
When running
reports from an AIX® Crystal
Enterprise server, Japanese text in a field may not wrap correctly,
and may overlap text in other fields.
One process tree
cannot be divided into more than one sheet in old Excel spreadsheets
(SPR KBAN693DYF)
Because of the parsing process, if a
user divides a process tree into more than one sheet, the processes
in the second and later sheets will be regarded as new processes,
and will cause problems during reimportation because their names
are exactly the same. Users should include all data of the same
process inside one sheet.
Inactive static
catalogs cannot be migrated to V2.5 (SPR KBAN692H4E)
Static
catalogs can be set to inactive, and are then invisible for ordinary
users. Inactive static catalogs in previous releases cannot be migrated
to V2.5. If Inactive catalogs need to be migrated, they must be
changed to Active before migration. The system administrator shoul
go to the Setup panel, and set catalogs to Active before running
the migration utility. After migration, the system administrator
can set migrated catalogs to inactive.