AWA: What permissions/authorizations are necessary to create a user from the Administration view?
Article ID: 145462
CA Automic Workload Automation - Automation Engine
When attempting to create a user from the Administration view from the AWI, the 'Add User' fails with an ! that states 'you are not authorized to save this object'
This is due to incorrect privileges / authorizations for creating a user.
In a limited access account, to create a user the account needs to have:
1.) The privilege 'Access to Administration'
2.) Read, Write, Open access to USER objects
3.) Write access to the / folder
Item 3 is often missed - the Authorizations Pane creates users in the root (/) folder of the client.
If these items are present:
1.) Turn on SECURITY_AUDIT_FAILURE in the UC_CLIENT_SETTINGS with HOST_ACCESS,LOGON,OBJECT_ACCESS,USER_PRIVILEGES
2.) Have a user that has security messages available in the AWI
3.) Reattempt the save
This gave the following messages:
U00004519 Access violation details: Used filter: 'FOLD/\//////'
U00004506 Access violation: User: 'TEST/TEST' Object: '\' Access: 'W' Reason: No right found in authorization group '1'.
In this example, it shows that the FOLD filter does not have Write access to the (\) folder.