Installation Instructions for Hot Fix P04006

64-bit Enabled AIX


Hot fix P04006 addresses the issue(s) in SAS Enterprise GRC 5.1_M5 as documented in the Issue(s) Addressed section of the hot fix download page:

http://ftp.sas.com/techsup/download/hotfix/HF2/P04.html#P04006


P04006 is a "container" hot fix that contains the following "member" hot fixes which will update the software components as needed.

P03006  updates  SAS Enterprise GRC Administrative Tools 5.1_M5
P02006  updates  SAS Enterprise GRC Mid-Tier 5.1_M5
V23001  updates  SAS Enterprise GRC Server 5.1_M5

See What is a container hot fix? in the Hot Fix FAQ for more information about container hot fixes.


Before applying this hot fix, follow the instructions in SAS Note 35968 to generate a SAS Deployment Registry report, then verify that the appropriate product releases are installed on your system. The release number information in the Registry report should match the 'member' release number information provided above for the software components installed on each machine in your deployment.

The hot fix downloaded, P04006pt.zip, includes the updates required for all components listed above on all applicable operating systems. To apply this hot fix on multiple machines, you can either save P04006pt.zip on each machine or save it in a network location that is accessible to all machines.

Do NOT extract the contents of P04006pt.zip. The hot fix installation process will extract the contents as needed.


IMPORTANT NOTES

  1. Files delivered in this hot fix will be backed up during the installation process. However, it is good general practice to back up your system before applying updates to software.

  2. You must have Administrator Privileges on your CLIENT or SERVER machine.

  3. All currently active SAS sessions, daemons, spawners and servers must be terminated before applying this hot fix.

  4. This hot fix should be installed using the same userid who performed the initial software installation.


INSTALLATION

Hot Fix P04006 must be installed on each machine where the updated components of the product, listed above, are installed. During the installation process you may see references to all operating systems for which updates are provided in the hot fix. The installation process will determine the operating system and which component(s) of SAS Enterprise GRC 5.1_M5 require updating on the machine. See SAS Note 44810 for more details.

The hot fix will be applied using the SAS Deployment Manager. By default, the SAS Deployment Manager will search in the <SASHOME>/InstallMisc/HotFixes/New directory for hot fixes to be applied, but will also prompt for a location if you have downloaded hot fixes to a different directory.

After downloading P04006pt.zip, follow the instructions for applying hot fixes in the SAS Deployment Wizard and SAS Deployment Manager 9.3: User's Guide.


The hot fix installation process generates the log file

<!SASHOME>/InstallMisc/InstallLogs/IT_date-and-time-stamp.log
for example, IT_2011-10-31-13.18.21.log. Each attempt to apply a hot fix results in the creation of a new log file giving detailed information regarding the installation process.

Postexec log files are created after the installation is completed and identifies the files that were added, backed up, changed and removed. These log files include the ‘member’ hot fix id in the name of the file and are also written to the <!SASHOME>/InstallMisc/InstallLogs directory. There is one postexec log for each ‘member’ hot fix applied (member hot fixes are listed at the top of these instructions).


The content of this hot fix is listed in the hot fix manifest.


POST-INSTALLATION INSTRUCTIONS

For each product installed, click the link to be redirected to post-installation instructions.

P03006  updates  SAS Enterprise GRC Administrative Tools 5.1_M5
P02006  updates  SAS Enterprise GRC Mid-Tier 5.1_M5
V23001  updates  SAS Enterprise GRC Server 5.1_M5


P03006  updates  SAS Enterprise GRC Administrative Tools 5.1_M5

After installing the hot fix, update the picklist file used by the SAS Enterprise GRC Administrative Tools at runtime. First, make a backup the picklist file in "<SASCONFIGDIR>/Applications/SASEnterpriseGRCAdminTools/5.1/dbscripts". Then, replace it with the updated picklist from the hotfix, which is located in "<SASHOME>/SASEnterpriseGRCAdministrativeTools/5.1".


P02006  updates  SAS Enterprise GRC Mid-Tier 5.1_M5

Re-build and Re-deploy Web Application

This hot fix requires that the WebApp be rebuilt and redeployed. Use the following steps to perform this post-installation task:

Step 1: Re-build Web Application

In order for this step to execute correctly, the Metadata Server must be running.

1.1 Invoke the SAS Deployment Manager 9.3

From the SASDeploymentManager directory launch sasdm.sh.
SAS Deployment Manager is installed in the following default location:

<SASHOME>/SASDeploymentManager/9.3

1.2 Select a language in the Choose Language box

1.3 Select Rebuild Web Applications

1.4 Select Configuration Directory or Enter the Configuration Directory and Level that needs to be updated

1.5 Specify Connection Information, including the sasadm User ID and Password

1.6 Select Enterprise GRC MidTier 5.1 as the Web Application to Rebuild

1.7 Verify the information on the Summary screen and select Start

1.8 Select Finish when the deployment is complete

This process will update the Enterprise GRC MidTier 5.1 ear in <SASCONFIGDIR>/Web/Staging.
A backup of the original ear file will be placed in the directory below:

<SASCONFIGDIR>/Web/Staging/Backup

Step 2: Re-deploy Web Applications

Re-deploy the web applications based on the instructions for the web application server you are using.

Clean up the Application Server cache. Please contact your Administrator for detail steps specific to your application server.



Notes:

  1. Please see SAS Note 54281 and SAS Note 54282 for recommended changes to the SAS Enterprise GRC workflow and notification templates.

  2. The system can now be configured to hide the allocation/monetary breakdown tab in the incident wizard using a new option "monitor.incidentMonetaryBreakdown.enable". To disable this tab, set the following properties in configdata.properties:
    monitor.incidentAllocation.enable = false
    monitor.incidentMonetaryBreakdown.enable = false

    By default, both values are true. A restart of the SAS Enterprise GRC MidTier server is required for this change to take effect.

  3. A new configuration option has been added to allow users to delete accepted tests. To enable this behavior, set the following property in configdata.properties:
    monitor.controlTesting.canDeleteAcceptedTest = true

    By default, the value is false, and accepted tests cannot be deleted or unloaded.

  4. As part of security fix to prevent cross-scripting vulnerability, please update configdata.properties file and add the property "monitor.http.xframeoptions" with one of the following values:
    SAMEORIGIN - only allows current site to frame content
    ALLOW-FROM uri - only allows the page to be framed from the specified origin (may not be supported on all browsers)
    DENY - prevents any domain from framing the content (not recommended)
    none - turn off header, do not set any value (default)

  5. A new configuration option has been added to allow excluding test plans from the task list. To enable this behavior, set the following property in configdata.properties:
    monitor.tasklist.excludedtypes=TestPlan

    By default, the value is empty.

  6. A new configuration option has been added to include draft incidents in the task list, even if incident workflow has been disabled. To enable this behavior, set the following property in configdata.properties:
    monitor.tasklist.includedraftincidents=true

    By default, the value is false.

  7. A new configuration option has been added that enabled additional permission checking when tests are opened. To enable test definition permission checking when opening tests, set the following property in configdata.properties:
    monitor.controlTesting.verifyTestDefinitionPermissionUponOpeningTests=true

    By default, the value is false.

  8. A new configuration option has been added that enabled additional permission checking when tests are opened. To enable test definition permission checking when opening tests, set the following property in configdata.properties:
    monitor.controlTesting.verifyTestDefinitionPermissionUponOpeningTests=true

    By default, the value is false.

  9. New configuration options have been added to turn off status reset of data loaded or migrated test definitions and tests from "In Progress" to "Returned to Originator".
    monitor.controlTesting.testDefinitions.resetStatusInNewWorkflow=false
    monitor.controlTesting.tests.resetStatusInNewWorkflow=false
    By default, the values are true.

  10. A new configuration option has been added that excludes all columns from dimension searches. To search only on the name column, set the following property in configdata.properties:
    monitor.ora.searchIncludesAllColumns=false
    By default, the value is true, and all columns in the table are used when searching.

  11. A new configuration option has been added to control the change reason prompt behavior for test definitions and tests. To let workflow transitions determine whether a change reason prompt appears, add the following option to configdata.properties:
    monitor.controlTesting.workflow.promptChangeReasonOverride=true
    By default, the property is false. When setting to true, it is recommended that the workflow template for tests and test definitions be updated to have the "GRC_PROMPT_CHANGE_REASON" data object with a value of "Yes" at the root level, and then selectively disable the change reason by setting the value on individual transitions.

  12. A new configuration option has been added to set GRC_ISMODIFIED for test definitions based on whether a control or issue has been changed. To enable this behavior, set the following option in configdata.properties.
    monitor.controlTesting.testDefinitions.checksControlsAndIssuesForIsModified=true
    By default, the property is false.

  13. A new configuration option has been added to allow test definitions to be excluded from the task list by validation state code value:
    monitor.tasklist.exclude.TestDefinition=validationStateCd1,validationStateCd2
    By default, this value is empty.

  14. As part of a security fix, an additional configuration option has been added to control what content can be embedded into the product. To control new configuration option is listed below:
    # List of acceptable embedded urls.
    # If urls start with / the context root is prefixed before checking
    # Otherwise an exact match is used.
    monitor.embed.whitelist=/CPBDocumentation?docType=COMPONENTS&topLevel=true,/CPBDocumentation?docType=FUNCTIONS&topLevel=true,/CPBDocumentation?docType=DIRECTIVES&topLevel=true,/CPBDocumentation?docType=PROPERTIES&topLevel=true
    IMPORTANT: This option is enabled by default with the values shown above, even though it may not be shown in configdata.properties. After installing the HF, you must check your menu XML for any menu items with embed="true", append them to the default property values. For example:
    monitor.embed.whitelist=/CPBDocumentation?docType=COMPONENTS&topLevel=true, /CPBDocumentation?docType=FUNCTIONS&topLevel=true,/CPBDocumentation?docType=DIRECTIVES&topLevel=true, /CPBDocumentation?docType=PROPERTIES&topLevel=true,<menu-option1>,<menu-option2>
    Although not recommended, this option may be disabled altogether by setting monitor.embed.whitelist=OFF


V23001  updates  SAS Enterprise GRC Server 5.1_M5

Copy SAS Changes to <SASCONFIGDIR>

The following files have been updated as part of the this hotfix but are not directly copied to the <SASCONFIGDIR>.

Copy the files below from

<SASHOME>/SASFoundation/9.3/ucmacros/ormonitormva/orm_add_cust_fields.sas
<SASHOME>/SASFoundation/9.3/ucmacros/ormonitormva/orm_all_cust_fields.sas
<SASHOME>/SASFoundation/9.3/ucmacros/ormonitormva/orm_pivot_datatype.sas

to

<SASCONFIGDIR>/Applications/SASEnterpriseGRCServerCfg/5.1/Source/ucmacros/orm_add_cust_fields.sas
<SASCONFIGDIR>/Applications/SASEnterpriseGRCServerCfg/5.1/Source/ucmacros/orm_all_cust_fields.sas
<SASCONFIGDIR>/Applications/SASEnterpriseGRCServerCfg/5.1/Source/ucmacros/orm_pivot_datatype.sas


This completes the installation of hot fix P04006 on 64-bit Enabled AIX.


Copyright 2015 SAS Institute Inc. All Rights Reserved.