Group permissions not propagating to users that are a member of more than 20 groups

Article ID: 325977

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • The user is not granted access to product functionality after being added to a new group.
  • The user is a member of more than 20 groups.


Environment

VMware vRealize Automation 8.1.x

Cause

By default, the access token can contain up to 20 groups in VMware Identity Manager.

Resolution

This is expected behavior. To change the default behavior, see the Workaround section.

Workaround:
  1. Log in to the system.
  2. Edit /opt/charts/identity-service/templates/deployment.yaml
  3. Increase the number of groups by adding -Dvidm.search.page.size=30 to the JAVA_OPTS environment variable.
Note: Set the value to the maximum number of groups a user is expected to be in. Oversizing this number can cause environment issues.

Example:

       - name: JAVA_OPTS
         value: |-
           -Dvidm.search.page.size=30
           -Dhttps.proxyHost=$(JAVA_PROXY_HOST)
           -Dhttp.proxyHost=$(JAVA_PROXY_HOST)
           -Dhttps.proxyPort=$(JAVA_PROXY_PORT)
           -Dhttp.proxyPort=$(JAVA_PROXY_PORT)

Important:
- The -Dvidm.search.page.size=30 property should be placed on top of the other system properties.
- The YAML is sensitive to indentation. Do not use TAB; use two spaces to indent.

  4. Repeat steps 1-3 for clustered environments on each appliance.
  5. Run /opt/scripts/deploy.sh to apply the changes.
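
A check that can be run on each appliance before /opt/scripts/deploy.sh, to confirm the edit follows the two rules under Important (no TAB indentation, page-size property first). This is an added example, not VMware's tooling; the function name check_java_opts is hypothetical, and it assumes the JAVA_OPTS entry is laid out as in the Example above.

```shell
#!/bin/sh
# Added example: pre-deploy check for the edited identity-service deployment.yaml.
# check_java_opts FILE prints the configured page size and returns 0 when the
# file follows the article's rules; otherwise it explains on stderr, returns 1.
check_java_opts() {
    file=$1
    tab=$(printf '\t')
    # "Do not use TAB": reject any line whose leading whitespace contains one.
    if grep -n "^ *$tab" "$file" >&2; then
        echo "TAB used for indentation on the line(s) listed above" >&2
        return 1
    fi
    awk '
        function indent(s) { match(s, /^ */); return RLENGTH }
        /^ *- name: JAVA_OPTS *$/ { state = 1; next }        # the env entry
        state == 1 && /^ *value: [|]-? *$/ {                  # its block scalar
            key = indent($0); state = 2; next
        }
        state == 1 { state = 0 }                              # value: must follow name:
        state == 2 && NF {                                    # first line of the value
            if (indent($0) <= key)
                err = "JAVA_OPTS value block is empty or not indented under value:"
            else if (NF != 1 || $1 !~ /^-Dvidm\.search\.page\.size=[0-9]+$/)
                err = "first property is " $1 ", expected -Dvidm.search.page.size=N"
            else { sub(/^.*=/, "", $1); size = $1 }
            exit
        }
        END {
            if (size != "") { print size; exit 0 }
            if (err == "") err = "no JAVA_OPTS block scalar found"
            print err > "/dev/stderr"; exit 1
        }
    ' "$file"
}

# Constructed sample mirroring the Example in this article (not a real appliance file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
        - name: JAVA_OPTS
          value: |-
            -Dvidm.search.page.size=30
            -Dhttps.proxyHost=$(JAVA_PROXY_HOST)
            -Dhttps.proxyPort=$(JAVA_PROXY_PORT)
EOF
check_java_opts "$sample"   # prints 30
rm -f "$sample"
```

On an appliance, call it with the path from step 2 and compare the printed value with the largest group count you expect for any user.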


Additional Information

Impact/Risks:
This KB is only applicable to vRealize Automation 8.1.x.