search cancel

Cloned "Symantec Administrators" role, after upgrade to ITMS 8.6 RU3, can't import a new SW Package.

book

Article ID: 258423

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Cloned "Symantec Administrators" role in ITMS 8.5 RU4, after upgrade to ITMS 8.6 RU3 can't import a new SW Package because of missed permissions.

"1/22/2023 9:25:21 AM","WebApi Controller failure.

The current user 'MyDomain\Role Non Admin' does not have required permission 'read' to load item: 17ad008a-6a9e-46fa-b719-f712999b17eb
   [AeXUnauthorizedAccessException @ Altiris.NS.dll]
   at Altiris.NS.ItemManagement.Item.RaiseItemLoadFlagsSecurityException(string)
   at Altiris.NS.ItemManagement.Item.CheckCanGetItem(IItem, IEnumerable<Guid>, ItemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItemInternal(Guid, IEnumerable<Guid>, ItemLoadFlags, out bool)
   at Altiris.NS.ItemManagement.Item.GetItemInternal(Guid, IEnumerable<Guid>, ItemLoadFlags)
   at Altiris.SoftwareManagement.SoftwareCatalogConfig.GetDefaultPackageAssignment()
   at Altiris.SoftwareManagement.SoftwareCatalogConfig.SetDefaultPackageAssignment<T>(T)
   at Altiris.SoftwareManagement.Resources.SoftwarePackageResource.CreateUnconfiguredPackage()
   at Altiris.SoftwareManagement.WebApi.Controllers.PackageController.CreateUnconfiguredPackage()
   at .lambda_method(Closure, object, object[])
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor+ActionExecutor+<>c_DisplayClass6_2.<GetExecutor>b_2(object, object[])
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext, IDictionary<string,object>, CancellationToken)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task)
   at System.Web.Http.Controllers.ApiControllerActionInvoker+<InvokeActionAsyncCore>d__1.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task)
   at System.Web.Http.Controllers.ActionFilterResult+<ExecuteAsync>d__5.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task)
   at System.Web.Http.Controllers.ExceptionFilterR

"1/22/2023 9:26:47 AM","WebApi Controller failure.

Software package '00000000-0000-0000-0000-000000000000' is not found.
   [AeXItemNotFoundException @ Altiris.SoftwareManagement.WebApi.dll]
   at Altiris.SoftwareManagement.WebApi.Controllers.PackageController.UpdatePackage(Package, AddEditPackageRequest, out PackageRepositoryManager)
   at Altiris.SoftwareManagement.WebApi.Controllers.PackageController.ImportPackage(ImportPackageRequest)
   at .lambda_method(Closure, object, object[])
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor+ActionExecutor+<>c_DisplayClass6_2.<GetExecutor>b_2(object, object[])
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext, IDictionary<string,object>, CancellationToken)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task)
   at System.Web.Http.Controllers.ApiControllerActionInvoker+<InvokeActionAsyncCore>d__1.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task)
   at System.Web.Http.Controllers.ActionFilterResult+<ExecuteAsync>d__5.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task)
   at System.Web.Http.Controllers.ExceptionFilterResult+<ExecuteAsync>d__6.MoveNext()

 

Environment

ITMS 8.6, 8.7

Cause

Item 17ad008a-6a9e-46fa-b719-f712999b17eb belongs to 'Software Catalog Configuration' item   (the UI below is visible by a true Symantec Administrator).

It was added in ITMS 8.6 release. Back in ITMS 8.5, Symantec Administrators' cloned role could not clone the "read" permissions for that item, thus there are no read permissions in ITMS 8.6.

 

Resolution

This issue has been reported to our Broadcom Development team. Unfortunately we cannot do anything about the issue, because in general case we are not allowed to modify the custom roles. 

Workaround:

  1. Open "Security Role Manager" page (under SMP Console, go to Settings menu>Security>Security Role Manager)
  2. Choose affected role and add "Software Catalog Configuration" item for this role
  3. Save changes.



Attachments