Changing functionality in TRIRIGA to fix security vulnerabilities

In this day and age, security is a very hot topic. As soon as one vulnerability is addressed and mitigated, another one is found. It is a vicious circle of identifying and addressing vulnerabilities that does not seem to let up. In our fix pack release notes, information regarding the mitigation of vulnerabilities that were addressed without an APAR is listed. And sometimes, a vulnerability is addressed as an APAR.

The reason I am mentioning security vulnerabilities is that sometimes, when they are resolved, there is an impact on existing functionality, which may not always be clear. Sometimes, the result of fixing vulnerabilities can “change” functionality. As an example, in the TRIRIGA 3.5.2 release, external URL navigation items will now open in a new window to avoid cross-origin scripting vulnerabilities…

As the product develops and security vulnerabilities are found and addressed, it could mean a change in how something works. Reading the release notes can be a source of information, but it may not always be clear why something changed. We all know change is hard, especially when we are so used to it working in a certain way. I don’t know about you, but if the change was made to address a security vulnerability, I can live with that and accept the change.

[Admin: This post is related to the 04.07.17 post about APAR IV94912 where “External URL” navigation items may no longer work. To see other related posts, use the Security tag or Vulnerability tag.]

Continue reading

Why does the report portal section keep loading forever?

We are currently using TRIRIGA 10.5.1/ If a particular portal section with a report has a result set of more than the property “Max Records Displayed”, then the results are not shown, and the portal section just keeps loading. Why?

However, the behavior is fine if the results returned are within the limit set in the portal section. Also, when the section is maximized, we can see all the results. It works in the case of a hierarchy query too.

We had a defect/APAR where the Max Records Displayed parameter was being ignored, and the entire result set was being pulled back. The issue is resolved in and Here is the release note: “Portal section queries display the maximum results that are specified in the Portal Builder. (Tri-237640-IV87771)”

I believe this fix will resolve your problem. In, queries are returning the entire result set, and are not stopping at the max count. My recommendation is to upgrade to the the fix pack with this fix, and see where you stand after that.

[Admin: This post is related to the 08.16.16 post about portal sections not showing the defined number of results. To see other related posts, use the Portal tag.]

Continue reading

Why aren’t changes to security groups being saved?

Is anybody seeing this issue in TRIRIGA 3.5.2? The Release Notes say that:

“The inner Save action on the Access tab of the Security Manager is removed. The user can make multiple permission changes, mix them with general changes and member changes, and save all at the end with the Save or Save & Close actions.”

But this doesn’t seem to work. Why not?

[Admin: This post is related to the 03.07.16 post about best practices for managing your security groups.]

Continue reading

IV95450: Run MS SQL “Set Varchar” scripts after upgrade to

How do you run the MS SQL “SetVarcharColsToNumeric_MSSS.sql” and “SetVarcharColsToNumeric_MSSS_Publish_BO.sql” scripts after upgrading to TRIRIGA According to the TRIRIGA 10.5.2 and 3.5.2 release notes:

  • “There are two scripts for MS SQL, SetVarcharColsToNumeric_MSSS.sql and SetVarcharColsToNumeric_MSSS_Publish_BO.sql. Run SetVarcharColsToNumeric_MSSS.sql first. When it completes, run SetVarcharColsToNumeric_MSSS_Publish_BO.sql.”
  • “Run the script PRIOR to installation of IBM TRIRIGA Application Platform version 3.5.0. NEVER run the script after upgrading to 3.5.0.”

Our application is 10.4 and platform is How can the SQL script be applied to update the system fields with the sub-attribute type of CreatedDateTime to CreatedDateTime (Number) and ModifiedDateTime to ModifiedDateTime (Number)?

Continue reading

UX: Is there a way to attach files in the Space Management app?

Is it possible to add attachments in the Space Management app? For example, if I click a button on the website, then a form opens for me to choose some file from my local PC. Then I can upload the file to the server. I can also check the file later. If it’s possible, which component should I use?

Yes, it is possible. Use the <triplat-file> component available for the UX Framework. It is used for uploading, downloading, and displaying binary files. You can read more on the <triplat-file> and other components from the documentation pages on your TRIRIGA server: http[s]://[tririga-hostname:port][/context_path]/p/web/doc.

The <triplat-file> component was introduced in TRIRIGA 10.5.2. Here is a link to the release notes. Some UX apps that are currently in development for a future release will make more use of this component, for example, to upload images or photos on comments.

[Admin: This post is related to the 03.08.16 post about modifying the Space apps, and the 12.21.16 post about Space Assessment documentation.]

Continue reading

How do you install TRIRIGA 3.5.0 to a pluggable Oracle Database 12c?

I am installing TRIRIGA 3.5.0/10.5.0 on my local machine with WebLogic and Oracle 12c. But I am getting the following error:

[java] Connecting to system@jdbc:oracle:thin:@localhost:1521:orcl
[java] /new/createdatauser.sql
[java] Exception encountered! java.sql.SQLException: ORA-65048: error encountered when processing the current DDL statement in pluggable database PDBORCL
[java] ORA-00959: tablespace 'TRIDATA_DATA' does not exist...

Installing to a pluggable database (PDB) or container database (CDB) is not supported in TRIRIGA 3.5.0. To resolve this, you will need to use the 3.5.2 platform installer or higher. Here is the 3.5.2 release note:

Installation: The installation of TRIRIGA Platform now supports connecting to Oracle via Service Name. This will allow you to use a RAC URL, or PDB installations. The installer will prompt for connecting via the older SID, or the Service Name as a section choice. (Tri-213951)

[Admin: This post is related to the 07.07.16 post and 01.26.16 post about getting an Oracle 12c error during install.]

Continue reading

How do you find queries that use the Reverse Association flag?

We are currently planning our 3.5.2 upgrade, and I noticed in the 3.5.2 release notes that the “Reverse Association” flag is being deprecated in a future release. I’m assuming that the legacy queries which used this flag have been or are being changed and included in the application upgrades.

Is it possible that a list of these queries is published so that those of us who are not currently taking application upgrades can make the fixes manually? Or is there a way that we can easily query which queries are currently using this flag?

Here’s an SQL you can run to see which queries are using this flag. Note that while it will be fine to uncheck the “Reverse Association” flag for the vast majority of these queries, there may be some where this flag was intended and a larger redesign of the functionality is needed. I know I’ve purposefully used it once in the last ten years, but that was more to understand how it worked exactly and haven’t used it since…

Continue reading