NS Agent does not have 'read' permission
search cancel

NS Agent does not have 'read' permission


Article ID: 162109


Updated On:


IT Management Suite Client Management Suite Server Management Suite


Errors in the Symantec Management Platform (SMP) server logs indicating the 'NS Agent Account' does not have 'read' rights to some resource or resources.

Failed to load inventory. The current user 'NS Agent Identity' does not have required permission 'read' to load item:


Permissions for some resources have been changed for the NS Agent account. This account is an internal account used by Cloud Enabled Management (CEM).


Read permissions will need to be restored to the problem resource.

  1. Identify the folder name and the parent folder name of the resource that permissions need to be restored to. This can be done with the following query by replacing the '<Folder_Guid_goes_here>' with the GUID from the error message.
    • --Looking for the parent folder of a dataclass

      Declare @folderguid uniqueidentifier
      set @folderguid = '<Folder_Guid_goes_here>'

      select vi1.Name as [Folder Name],itf.ItemGuid as [Folder Guid],vi2.Name AS [Parent Folder Name],itf.ParentFolderGuid AS [Parent Folder Guid] from ItemFolder itf
      join vItem vi1 on vi1.Guid = itf.ItemGuid
      join vItem vi2 on vi2.Guid = itf.ParentFolderGuid
      where itf.ItemGuid = @folderguid
  2. Using the name for the resource folder use the following steps to locate the data class that needs the permissions changed and give the "NS Agent Identity' the read permissions to it.
    • Navigate to:  Settings> Security>Permissions to open the security role manager
    • Set the role to administrator
    • Set the view to "All Items"
    • Select the 'eyeglasses' icon to display hidden resources. This is neccescary since any of the resources that the NS Agent Identity needs are hidden.
    • Locate the resource identified by the query in step #1.
    • In the right pane click the "Advanced" button at the bottom of the page
    • If the NS Agent Identity does not have read rights assigned you must add them.
    • If the NS Agent Identity is missing you can add it by:
      1. Click the + button to add a trustee
      2. Change to the Group dropdown to accounts.
      3. Select the NS Agent Identity and click the OK button.
      4. Make sure the NS Agent Identity has read rights and save changes.
  3. Note: It may be neccessary to repeat the query in step 1 by replacing the GUID you entered with the one it returns for the parent folder. This will climb backwards through the structure and give you a clue as to where the resource you are looking for may be. It may also be neccessary to work with a higher tier resource and allow the permissions to inherit down.