New resource creation is failing under any role which is not having "View Security" privilege

book

Article ID: 159155

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server) Asset Management Solution CMDB Solution

Issue/Introduction

Users from any custom or default security roles which are missing "View Security" system privilege cannot create resources, such as computers.

Example

  1. Create a clone of Symantec Administrator role or any role that has the ability to create assets, such as the CMDB Managers role, and then open the Privileges tab, remove "View Security" (located under System Privileges).
  2. Add any account to that role and login to Console with that account
  3. Go to Manage > Assets > Manage Configuration Items > Computers and Peripherals, right click and try to create new computer with any name.
  4. When pressing Save or OK you will see following error both in Configuration windows and logs - An error occurred saving changes. Unable to retrieve the sid associated with the specified name.
 
 

 

An error occurred saving changes. Unable to retrieve the sid associated with the specified name. Name: <accountnamehere>. Inner:

Altiris.NS.Exceptions.AeXException: Unable to lookup the SID associated with the specified account ---> System.Security.SecurityException: The caller
(<accountnamehere>. ) does not have the specified privilege ('View Security').
   at Altiris.NS.Security.SecurityMonitor.Demand(PrivilegeCollection privileges)
   at Altiris.NS.Security.PrivilegePermission.Demand()
   at Altiris.NS.Security.AccountManagement.TrusteeManager.GetByName[T](String name, ItemLoadFlags flags)
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupSidFromName(String scope, String name)
The Zone of the assembly that failed was:
MyComputer
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupSidFromName(String scope, String name)
   at Altiris.NS.Security.SecurityTrusteeManager.GetTrustee(String scope, Int32 authenticationType, String authenticationName).
 

Cause

Core defect, unnecessary ViewSecurity check when getting trustee.
 

Resolution

This issue is resolved in ITMS 7.5 SP1.

A point fix is available for ITMS 7.1 SP2 MP1, which is attached to this article.

 

Applies To

ITMS 7.1 SP2 MP1+
ITMS 7.5 without SP1

Attachments

PF_3413260_71_SP2_MP1_V6.zip get_app