Login to the PolicyCenter S-Series with a user that has 'touch' access, but the PolicyCenter S-Series Web User Interface (WUI) shows that your user has 'look' access

book

Article ID: 170639

calendar_today

Updated On:

Products

PolicyCenter S-Series

Issue/Introduction

You login to the PolicyCenter S-Series with a user that has 'touch' access, but the PolicyCenter S-Series Web User Interface (WUI) shows that your user has 'look' access.  

Resolution

The PolicyCenter S-Series does not limit the number of users that can login to the PolicyCenter S-Series with look access, but it only allows one touch user session at a time in order to avoid users making conflicting changes at the same time.

If a user with a touch-role access tries to login to the PolicyCenter S-Series management console while another user with touch-role access is already logged in, then the second user will be downgraded to look access for that session. 

‚ÄčOnly a touch user that connects through the PolicyCenter S-Series serial console connection is granted touch access even when there is already an active touch access the WUI session.  This was done by design in order to allow the serial console touch access user to end a UI session in which a touch access user failed to log out and is blocking other users from logging in with touch access. 

  • Note: If a touch access user logs in to the PolicyCenter via the serial console first, then all users attempting to login to the PolicyCenter will be downgraded to look access until that first serial console touch access user logs out of the serial console session. 

A touch access user logging in to the serial console can end a touch access session that has failed to log out.  After running the following commands you should now be able to login to the PolicyCenter S-Series WUI with touch access:

  1. Access the Command Line Interface (CLI) via a serial console connection.
  2. Enter the following command to get the session id of the user:
    authentication session show
  3. Enter the following command to log the touch access user that has failed to log out:
    authentication session end <id>
    Note: <id> is the user's unique session id from step 2.

Follow the link below for details managing your user sessions: