The caller 'NS Agent Identity' does not have permission "WRITE" (0d631690-66f8-4bc8-9edf-6bfdabf4bd61) on the specified item "Software Component: Software Component Resource Data Class" (61219b84-11d7-4002-8bc0-cd2e0202eb55)
search cancel

The caller 'NS Agent Identity' does not have permission "WRITE" (0d631690-66f8-4bc8-9edf-6bfdabf4bd61) on the specified item "Software Component: Software Component Resource Data Class" (61219b84-11d7-4002-8bc0-cd2e0202eb55)

book

Article ID: 192889

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

The customer recently upgraded to ITMS 8.5 RU3. The main issue was the following error every time a client machine was trying to send an NSE:

Entry 1:

NSE dispatch failed for: id=192418121, from: 1b2b2cee-1fdb-4953-8ac8-26b707cda91b, to: 'Standard event capture item' (70d916e7-5096-4fab-a761-4d4eb932da7f)

-OR-

Item save to DB failed: 6b29ee6a-25db-484c-85b4-379b2cb0c473, (fromClone=False, user=NS Agent Identity)

Entry 2:

The caller 'NS Agent Identity' does not have permission 0d631690-66f8-4bc8-9edf-6bfdabf4bd61 on the specified item 61219b84-11d7-4002-8bc0-cd2e0202eb55
   [Altiris.NS.Exceptions.AeXSecurityException @ Altiris.NS]
   at Altiris.NS.Security.ItemPermission.Demand(Guid entity, Guid permission, Boolean throwIfNotGranted)
   at Altiris.Resource.ResourceDataTable.Save()

 

The referenced item "61219b84-11d7-4002-8bc0-cd2e0202eb55" is "Software Component: Software Component Resource Data Class".
NS Agent Identity is trying to get this permission "0d631690-66f8-4bc8-9edf-6bfdabf4bd61", which is "Data Class Write".

 

Environment

ITMS 8.5 RU3

Also seen in 8.6 RU1 for the Global Windows User data class.

Cause

Known issue. This account never had write rights for this resource.

Resolution

This issue has been fixed in ITMS 8.5 RU4 release.

The current workaround for this issue is:

  • Open Security Role Manager (under SMP Console> “Settings > Security > Security Role Manager”
  • Select the “Symantec Administrators” roll in the top box.
  • From the dropdown box labeled “Views:” select “Settings”
  • Click on the tool (eye glasses icon)    at the top of the box in order to see all Hidden Items.
  • Navigate down to "Settings > Notification Server > Resource and Data Class Settings > Data Classes > Software Management > Software Component"
  • In the right pane, in the lower right corner, select the "Advanced" button.
  • If the "NS Agent Identity" account is not in the list of trustees with "Read" and "Write" permissions then click the "Add" icon.
  • From the "Group:" dropdown box select "Accounts"
  • Select "NS Agent Identity" from the list
  • Once added select the newly added account and check the "Read" and "Write" box in the "Permissions for:" section.
  • Save.

Note: In case you still get the same error even after making sure "Read" and "Write" are selected:
under "Resource Management Permissions", grant:

  • Write Resource Association
  • Write Resource Data



Powered by Wolken Software