When an LDAP user, who is not tied to a specific account, is attempting to delete a device in Operator Console, an error occurs. It simply says "Delete Device(s) Failed - Please contact an administrator."

We cannot find any error in operatorconsole.log or wasp.log related to the attempt.

Release : 20.4

permissions

This can be caused by overlapping NimBUS users which have the same usernames but different ACL permissions on their accounts.

For example, a user named "jsmith" could exist in LDAP and tied to an Administrator ACL which has the "Discovery Management" permission which is necessary for deleting devices, but a NimBUS user called "jsmith" could have been created in Infrastructure Manager at the hub level and tied to an ACL which does not have the "Discovery Management" permission.

When there are two overlapping ACLs for a user, the one with the most restrictive permissions takes precedence, so the ACL without Discovery Management would get applied.

The resoluion is to delete the NimBUS user and ensure that the LDAP group is tied to an ACL with the appropriate permission.