search cancel

DUAS6: commands returns error: "abandon" or "Access denied error" or "Non-existent task"

book

Article ID: 112625

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

Some commands like "uxordre" or "uxadd fla" fail when launched the command as a specific system username.
Same commands work when launched as the Dollar Universe Administrator / root or some specific users.

Example of the command that fails when launched as username:

$UXEXE/uxordre tsk=TASKNAME mu=MUNAME param=test
(Technical info is absent: abandon)

or

$UXEXE/uxordre tsk=TASKNAME mu=MUNAME param=test
Non-existent task



Or:
$UXEXE/uxadd fla tsk=TASKNAME mu=MUNAME pdate=08/01/2018
Access denied error
command in error!!
 

Cause

The System User Pattern (proxy) is mapped to a Group that does not have enough permissions to execute the required Operation.

In order to find the root cause, the main log level needs to be increased to 0,SECURITY so that we can see what specific "Role" has been used and what permission is denied.

Example:
  • Increase the Main Log Level to 0,SECURITY via UVC or via the command line
unisetvar U_LOG_LEVEL 0,SECURITY
  • Then relaunch the command that fails and check the universe.log, you should see the following kind of lines that should tell you which Role / Permission is provoking the error:
|TRACE|X|IO |pid=p.t| owls_init_client          | Client uxordre proxy is: [SYS] [hostname\username]
|TRACE|X|IO |pid=p.t| getSecurity               | 25 security patterns available
...
|TRACE|X|IO |pid=p.t| IsMatchProxyFilter        | System user HOSTNAME\USERNAME matches pattern */*\*
|TRACE|X|IO |pid=p.t| getSecurity               | Client uxordre username on hostname.domain has 4 security roles
...
|INFO |X|IO |pid=p.t| o_check_security          | GRANTED ACCESS: role(DUAS TST600/X Read-only) -> this is the role that corresponds to the username that launched the command
|INFO |X|IO |pid=p.t| owls_check_security       | Security denied for OBJ(LAUNCH) OPER(CREATE) -> this is the operation that is denied due to the role applied

Environment

Component: Dollar Universe 6
Operating System: All

Resolution

By default, when UVMS is installed, there is a default System User Pattern that allows Operators operations to every System User.


Sometimes, Dollar Universe Admins prefer to restrict this permissions and assign the group "Read-Only Users".

As a result, unless a specific "System User Pattern" is created for the user that should launch commands like "uxadd fla / uxordre..." and mapped to a Group with Roles that allow it, the commands will fail.

To fix it, create a "System User Pattern" for the user that will launch the command, here you have an example where we will map the user called "username" to the group "Operators":


Then perform a "Full Synchronization" of the node so that this new proxy is pushed to the node.



Finally, relaunch the command that was failing, this time it should work.

Additional Information

If the node was installed with a user account other than root and the issue persists, try to assign the node to the user root with the following:

  • Login as root
  • Load the Dollar Universe environment:
    . /path_to_dollar_universe/unienv.ksh
  • Stop the node:
    $UNI_DIR_EXEC/unistop
  • Assign the node to the root user:
    $UNI_DIR_EXEC/uxrights -m assign -a root

  • Start the node:
    $UNI_DIR_EXEC/unistart

 

Attachments