search cancel

iDash 12.1 Unable to pull reports or create SLA's access denied by EEM -using Dynamic User Groups (DUG) -

book

Article ID: 145289

calendar_today

Updated On:

Products

iDash Workload Automation

Issue/Introduction

We had linked Idash to EEM and EEM is integrated with AD and in EEM we are using Dynamic User Groups (DUG) 




Only people who are part of Default policy are able to generate the reports and when a access policy is searching for identities in DUG, it is not allowing.

Reviewed Debug_EEM.log file and found that non admin user has is getting access denied 

Normal user activity:

No matching Explicit Deny policies returned
No matching Explicit Grant policies returned
No explicit deny/grant - checking delegations for resource create/idash-report/*D12*. Delegator Level: 1.
No deny delegation policies match.
No delegation policies match.
Checking for obligations for resource [create/idash-report/*D12*] and action [FulfillOnDeny].




admin user activity:

No matching Explicit Deny policies returned
Matching Explicit Grant Policy "Default Report Name Policy" has no filters - access granted.
Access was explicitly granted - exiting.
Checking for obligations for resource [create/idash-report/*D12*] and action [FulfillOnGrant].

Resolution

You would need to add the domain to user in the Identity field within EEM, to get the permission checked to work.

Follow these steps:
In CA EEM, click the Manage Access Policies tab.
Select Dynamic User Group Policies from the policies column on the left side of the window.
In the policy table, click the Add icon to create a new DUG, or click an existing DUG name to edit the group details.
Under Identities, enter the identity of the user being added to the DUG in the Identity field -add the domain to user-, or click Search Identities to search for the user.
Click the arrow icon to add the user to the DUG.
The user now appears in the Selected Identities section.
Click Save.

Add Users to EEM Dynamic User Groups (DUG)