Activity Center, Manage>Computers requires "Delete" privileges just to view the list of computers.
Article ID: 161992
Updated On:
Products
IT Management Suite
Issue/Introduction
With the release of ITMS 7.6 HF1, the following issue was discovered:
Activity Center, Manage>Computers requires "Delete" privileges just to view the list of computers.
Opening the Manage>Computers without the privilege cases an error in the console.
Activity Center, Manage>Computers requires "Delete" privileges just to view the list of computers.
Opening the Manage>Computers without the privilege cases an error in the console.
The verbose log shows the missing permission/privilege. The guid refers to the "Delete" privilege.
Failed to load item: 0a2c056c-2143-4e56-af30-0487177d10d3, Default
The current user 'test1' does not have required permission 'read' to load item:
0a2c056c-2143-4e56-af30-0487177d10d3
Failed to load item: 0a2c056c-2143-4e56-af30-0487177d10d3, Default
The current user 'test1' does not have required permission 'read' to load item:
0a2c056c-2143-4e56-af30-0487177d10d3
Item can not be deleted because of failed permission check: 'Test Organizational Group' (6143853e-5b84-4427-be23-de8987d7c8ba) Error in the application. [Altiris.NS.Exceptions.ItemSecurityException @ ] Exception logged from: at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception, String footer) at Altiris.NS.ItemManagement.Item.Delete() at Altiris.NS.ItemManagement.Item.<>c__DisplayClass30.<DeleteItem>b__2f(IDatabaseContext ctx) at Altiris.Database.DatabaseContext`1.RetryAction(Int32 retries, Boolean transacted, Getter`1 getContext, Action`1 action, Action`1 retry, DeadlockRetryArgs& re, Exception& exception, Boolean inTransaction) at Altiris.Database.DatabaseContext`1.PerformWithDeadlockRetryHelper(Int32 retries, Boolean inTransaction, Getter`1 getContext, Action`1 action, Action`1 retry, Boolean transacted) at Altiris.Database.DatabaseContext`1.PerformWithDeadlockRetry(Int32 retries, Boolean startNewTransaction, Nullable`1 isolationLevel, Boolean independentContext, Action`1 action, Action`1 retry) at Altiris.NS.ItemManagement.Item.DeleteItem(Guid itemGuid) at Altiris.NS.Services.CoreServices.ResourceService.DeleteItem(Guid guid) at Altiris.NS.Services.CoreServices.ResourceService.EvaluateFilterPreview(RunFilterData runData) at Altiris.NS.Services.CoreServices.ResourceService.RunFilter(RunFilterData runData) at SyncInvokeRunFilter(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext) at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext) at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result) at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result) at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously) at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item) at System.Runtime.InputQueue`1.EnqueueAndDispatch(Item item, Boolean canDispatchOnThisThread) at System.Runtime.InputQueue`1.EnqueueAndDispatch(T item, Action dequeuedCallback, Boolean canDispatchOnThisThread) at System.ServiceModel.Channels.SingletonChannelAcceptor`3.Enqueue(QueueItemType item, Action dequeuedCallback, Boolean canDispatchOnThisThread) at System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.CompleteParseAndEnqueue(IAsyncResult result) at System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.HandleParseIncomingMessage(IAsyncResult result) at System.Runtime.AsyncResult.SyncContinue(IAsyncResult result) at System.ServiceModel.Channels.HttpPipeline.EmptyHttpPipeline.BeginProcessInboundRequest(ReplyChannelAcceptor replyChannelAcceptor, Action dequeuedCallback, AsyncCallback callback, Object state) at System.ServiceModel.Channels.HttpChannelListener`1.HttpContextReceivedAsyncResult`1.ProcessHttpContextAsync() at System.ServiceModel.Channels.HttpChannelListener`1.BeginHttpContextReceived(HttpRequestContext context, Action acceptorCallback, AsyncCallback callback, Object state) at System.ServiceModel.Activation.HostedHttpTransportManager.HttpContextReceived(HostedHttpRequestAsyncResult result) at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.HandleRequest() at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest() at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequest(Object state) at System.ServiceModel.AspNetPartialTrustHelpers.PartialTrustInvoke(ContextCallback callback, Object state) at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.OnBeginRequestWithFlow(Object state) at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped) at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped) at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
Cause
Known Issue, Delete privilege is required for the custom security role.
Resolution
This issue has been addressed with the ITMS 7.6 HF4 release (See DOC8949). WORKAROUND for previous versions: Enable the "Delete" privilege under Manage>Security>Account Management>Roles. Choose the affected role and enable the "Delete" Privilege in the "Right Click Menu" section. Suggested Steps: There were two permissions that need to be given they are: - The "Delete" permission on the "ITMS Management Views Filters" folder - The "Read" permission on the Right Click "Delete" item Detailed steps are provided here as a reference. 1. In Security Role Manager a. Select the desired role from the "Role:" drop down box b. Select "Resources" from the "View:" drop down box c. Click the Glasses icon to show hidden items d. Go To - Resource Management> Filters> ITMS Management Views Filters e. If that folder is not in the tree click the blue + and add it f. Select "Delete", "Read" and "Write" g. Click "Save changes" 2. In Security Role Manager a. Select the desired role from the "Role:" drop down box b. Select "Settings" from the "View:" drop down box c. Go To - Settings> Notification Server> Right Click Menu> Delete d. If that folder is not in the tree click the blue + and add it e. Select "Read" f. Click "Save changes" Adding the Right Click Delete option will still only show if they have Delete rights on the object. Unfortunately currently that is what we are checking for.
Feedback
Yes
No
Powered by
