Aria Automation Access Issue fails with "403 Error - It appears that you don’t have access to VMware vRealize Automation"

Article ID: 372115

Updated On: 02-27-2025

Products

VMware Aria Suite, VMware vRealize Automation 8.x

Issue/Introduction

Users attempting to log in to Aria Automation with a domain account encounter a 403 error if they have not been granted a role in Identity and Access Management (IAM).

This issue occurs within environments where Aria Automation is integrated with vIDM (VMware Identity Manager) configured to use LDAP as a source.

Access attempts are made via the Aria Automation UI hosted at https://your_Aria_Automation_FQDN.

Environment

VMware Aria Automation 8.x 

Cause

The root cause of the issue lies in the role-based access control configuration within Aria Automation.

When a user attempts to log in with a domain account before being assigned a role in IAM, the system denies access with a 403 error. This is because the user lacks the necessary permissions to access resources or perform actions within Aria Automation.

Resolution

To resolve this issue, follow these steps:

    1. When logging in to Aria Automation for the first time or after configuration changes, make sure to select the "System Domain" when prompted by vIDM. This ensures that initial administrative access is granted correctly.

    2. Use the configuration administrator credentials noted in Aria Suite Lifecycle (vRealize Suite Lifecycle Manager) under globalenvironment to log in initially. This user should have sufficient privileges to configure roles and permissions within Aria Automation for users.

    3. Navigate to Identity and Access Management (IAM) within Aria Automation. Assign the appropriate roles to users from vIDM Workspace One.

    4. Ensure that users are assigned organization roles (Organization Owner, Organization Member), service roles (Cloud Assembly Administrator/User/Viewer, Service Broker Administrator/User/Viewer, Code Stream Administrator/User/Viewer), and project roles as needed.

    5. If you cannot access the Aria Automation IAM page with the default configuration administrator account and are shown the same Access Denied 403 error, raise a support request with Global Support, as further investigation might require database triaging.

Additional Information

  • The roles defined in Aria Automation (organization, service, and project roles) govern user access and permissions across different functionalities like Cloud Assembly, Service Broker, and Code Stream.
  • Understanding and properly configuring these roles is essential for effective user management and resource utilization within Aria Automation.
  • By following these steps, users should be able to log in successfully to Aria Automation without encountering a 403 error, provided they have been appropriately granted roles in Identity and Access Management (IAM).