ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Activity Center, Manage>Computers requires "Delete" privileges just to view the list of computers.

book

Article ID: 161992

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

With the release of ITMS 7.6 HF1, the following issue was discovered:
Activity Center, Manage>Computers requires "Delete" privileges just to view the list of computers.
Opening the Manage>Computers without the privilege cases an error in the console.
 
The verbose log shows the missing permission/privilege. The guid refers to the "Delete" privilege.
Failed to load item: 0a2c056c-2143-4e56-af30-0487177d10d3, Default
The current user 'test1' does not have required permission 'read' to load item:
0a2c056c-2143-4e56-af30-0487177d10d3
Item can not be deleted because of failed permission check: 'Test Organizational
Group' (6143853e-5b84-4427-be23-de8987d7c8ba)
Error in the application.
   [Altiris.NS.Exceptions.ItemSecurityException @ ]


Exception logged from: 
   at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity,
String strMessage, String category, Exception exception, String footer)
   at Altiris.NS.ItemManagement.Item.Delete()
   at
Altiris.NS.ItemManagement.Item.<>c__DisplayClass30.<DeleteItem>b__2f(IDatabaseContext
ctx)
   at Altiris.Database.DatabaseContext`1.RetryAction(Int32 retries, Boolean
transacted, Getter`1 getContext, Action`1 action, Action`1 retry,
DeadlockRetryArgs& re, Exception& exception, Boolean inTransaction)
   at Altiris.Database.DatabaseContext`1.PerformWithDeadlockRetryHelper(Int32
retries, Boolean inTransaction, Getter`1 getContext, Action`1 action, Action`1
retry, Boolean transacted)
   at Altiris.Database.DatabaseContext`1.PerformWithDeadlockRetry(Int32 retries,
Boolean startNewTransaction, Nullable`1 isolationLevel, Boolean
independentContext, Action`1 action, Action`1 retry)
   at Altiris.NS.ItemManagement.Item.DeleteItem(Guid itemGuid)
   at Altiris.NS.Services.CoreServices.ResourceService.DeleteItem(Guid guid)
   at
Altiris.NS.Services.CoreServices.ResourceService.EvaluateFilterPreview(RunFilterData
runData)
   at Altiris.NS.Services.CoreServices.ResourceService.RunFilter(RunFilterData
runData)
   at SyncInvokeRunFilter(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance,
Object[] inputs, Object[]& outputs)
   at
System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   at
System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&
rpc)
   at
System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc&
rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean
isOperationContextSet)
   at
System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext
request, Boolean cleanThread, OperationContext currentOperationContext)
   at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext
request, OperationContext currentOperationContext)
   at
System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
   at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
   at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
   at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
   at System.Runtime.InputQueue`1.EnqueueAndDispatch(Item item, Boolean
canDispatchOnThisThread)
   at System.Runtime.InputQueue`1.EnqueueAndDispatch(T item, Action
dequeuedCallback, Boolean canDispatchOnThisThread)
   at
System.ServiceModel.Channels.SingletonChannelAcceptor`3.Enqueue(QueueItemType
item, Action dequeuedCallback, Boolean canDispatchOnThisThread)
   at
System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.CompleteParseAndEnqueue(IAsyncResult
result)
   at
System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.HandleParseIncomingMessage(IAsyncResult
result)
   at System.Runtime.AsyncResult.SyncContinue(IAsyncResult result)
   at
System.ServiceModel.Channels.HttpPipeline.EmptyHttpPipeline.BeginProcessInboundRequest(ReplyChannelAcceptor
replyChannelAcceptor, Action dequeuedCallback, AsyncCallback callback, Object state)
   at
System.ServiceModel.Channels.HttpChannelListener`1.HttpContextReceivedAsyncResult`1.ProcessHttpContextAsync()
   at
System.ServiceModel.Channels.HttpChannelListener`1.BeginHttpContextReceived(HttpRequestContext
context, Action acceptorCallback, AsyncCallback callback, Object state)
   at
System.ServiceModel.Activation.HostedHttpTransportManager.HttpContextReceived(HostedHttpRequestAsyncResult
result)
   at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.HandleRequest()
   at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest()
   at
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequest(Object state)
   at
System.ServiceModel.AspNetPartialTrustHelpers.PartialTrustInvoke(ContextCallback
callback, Object state)
   at
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequestWithFlow(Object
state)
   at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32
errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
   at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error,
UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32
errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)

Cause

Known Issue, Delete privilege is required for the custom security role.

Resolution

This issue has been addressed with the ITMS 7.6 HF4 release (See DOC8949).


WORKAROUND for previous versions:
Enable the "Delete" privilege under Manage>Security>Account Management>Roles.
Choose the affected role and enable the "Delete" Privilege in the "Right Click Menu" section.


Suggested Steps:
There were two permissions that need to be given they are:
- The "Delete" permission on the "ITMS Management Views Filters" folder
- The "Read" permission on the Right Click "Delete" item

Detailed steps are provided here as a reference.

1. In Security Role Manager
  a. Select the desired role from the "Role:" drop down box
  b. Select "Resources" from the "View:" drop down box
  c. Click the Glasses icon to show hidden items
  d. Go To - Resource Management> Filters> ITMS Management Views Filters
  e. If that folder is not in the tree click the blue + and add it
  f. Select "Delete", "Read" and "Write"
  g. Click "Save changes"

2. In Security Role Manager
  a. Select the desired role from the "Role:" drop down box
  b. Select "Settings" from the "View:" drop down box
  c. Go To - Settings> Notification Server> Right Click Menu> Delete
  d. If that folder is not in the tree click the blue + and add it
  e. Select "Read"
  f. Click "Save changes"

Adding the Right Click Delete option will still only show if they have Delete rights on the object.  Unfortunately currently that is what we are checking for.