CCS Powershell servlet ‘Remove-AssetsAndAgents’ may fail with a database permission error “The EXECUTE permission was denied on the object”.  This happens because the PS command connects to CSM_DB using the client’s context instead of having the Application Server service delegate access based on roles.

“The EXECUTE permission was denied on the object”

CCS 11.5.1

 This happens because the PS command connects to CSM_DB using the client’s context instead of having the Application Server service delegate access based on roles.

Apply Quick Fix 10603 to resolve this problem.  Now the Application Server connects PowerShell to CSM_DB via impersonation deleting the agents and assets via role based access.

Prerequisite: Before you apply Quick Fix 10603, ensure that you have installed Symantec Control Compliance Suite (Reporting & Analytics) v11.5.1 + the new Assembly Verifier QF #10604

(Note: This QF will work with any of these versions - 11.1, 11.1.2, 11.5 or 11.5.1 provided the new Assembly Verifier QF#10604 is also deployed.)

Download the attached ZIP file and extract the Readme file. This file contains the full instructions on how to apply this fix.

Following files are included in this package:

Symantec.CSM.AssetSystem.AssetBusinessLayer.dll    11.10.10603.1013