PAM-UI-1804 and PAM-CMN-0003 errors trying to create user group policy
search cancel

PAM-UI-1804 and PAM-CMN-0003 errors trying to create user group policy

book

Article ID: 379767

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A PAM limited administrator with a Policy Manager role is not able to create a policy between a new user group and any device or device group, running into the following error right after selecting a device or device group in the policy editor:

PAM-UI-1804: Error retrieving association information between user(group) and device(group). - PAM-CMN-0003: Not authorized to perform this action. 

The user group is assigned to this manager and there is no problem creating policies for other user groups.

A PAM user with a Global Administrator role is able to create policies for the new group.

Environment

Affects PAM releases up to 4.1.8 and 4.2.0.

Cause

PAM ran into an internal error while checking the user's authorization, because the user group did not have any members yet.

Resolution

This problem will be fixed in PAM 4.2.1 and later releases.

For affected releases, assign at least one user to the group before creating policies for it to work around this problem.