AWA: What permissions/authorizations are necessary to create a user from the Administration view?

book

Article ID: 145462

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine CA Automic Workload Automation - Automation Engine

Issue/Introduction

When attempting to create a user from the Administration view from the AWI, the 'Add User' fails with an ! that states 'you are not authorized to save this object'

Cause

This is due to incorrect privileges / authorizations for creating a user.

Resolution

In a limited access account, to create a user the account needs to have:

1.) The privilege 'Access to Administration'
2.) Read, Write, Open access to USER objects
3.) Write access to the / folder

Item 3 is often missed - the Authorizations Pane creates users in the root (/) folder of the client.

If these items are present:

1.) Turn on SECURITY_AUDIT_FAILURE in the UC_CLIENT_SETTINGS with HOST_ACCESS,LOGON,OBJECT_ACCESS,USER_PRIVILEGES
2.) Have a user that has security messages available in the AWI
3.) Reattempt the save

This gave the following messages:

U00004519 Access violation details: Used filter: 'FOLD/\//////'
U00004506 Access violation: User: 'TEST/TEST' Object: '\' Access: 'W' Reason: No right found in authorization group '1'.

In this example, it shows that the FOLD filter does not have Write access to the (\) folder.