Troubleshooting missing permissions for Security Roles

book

Article ID: 169642

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

User's in limited security roles may occasionally run into items they cannot or view, or actions they cannot complete due to missing permissions. It is not always obvious what permissions are required for desired operations. Insufficient permissions can manifest as "Access Denied" message, actions not completing, or pages not loading correctly. 

Resolution

To determine the missing permission that is causing the issue, reproduce the issue and watch the logs for an error or warning that looks like:

The current user 'User Name' does not have required permission 'read' to load item: ‘Item Name’{GUID.EN_US}

If this doesn’t show up as an error or warning, in rare instances it is required to turn on trace and verbose logs to find the message. It can be helpful to search by the username you are having issues with.

Once you have the Item and the required permission that is missing, check the roles the user is in to confirm that it is in the expected roles, and decide which role should have the permission that is reported as missing.  You can view accounts and roles by going to “Settings-Security- Account Management”.

 

To add the missing permission, click on “Settings-Security-Security Role Manager”. Choose the role you want to add the permission to in the top right corner, and in the drop down below that choose either ‘All Items’ or the entry that best matches the item you are trying to add permissions for. If you don’t know where an item exists in the tree view, you can view the properties which shows the folder path. The properties can be accessed at one of the following URLs depending on the version: 

http://localhost/Altiris/NS/ItemProperties.aspx?ItemGuid=*Guid of Item from the logs*

http://localhost/Altiris/NS/ItemPropertiesNS7.aspx?ItemGuid=*Guid of Item from the logs*

Then click on the blue plus sign, use the drop down in the dialog box to select the directory where the item exists, and select and add the item. Hit ok, the pop up box will go away, and then save changes.  Now test the page/action that was not working to confirm if the behavior has changed. There may be multiple items that the role needs permissions to, so watch the logs for the same error with a different GUID if the issue persists.