A PAM administrator notices missing access policies. The session log shows that 30 policies were deleted, apparently by the PAM admin. But the admin never deleted any policies, only created a new one.
The following PAM-CM-0039 error was observed on the PAM client just prior to creating the new policy.
Affects all PAM releases up to 4.2.3.
The PAM administrator had listed all policies for a user group. Because the result set was larger than one page of policies, the admin tried to add a second filter condition but accidentally left the Value field blank. This resulted in the PAM-CM-0039 error and a blank page. The admin then proceeded to create a new policy. When the policy was saved, the PAM client submitted a delta set of policies to the PAM server, which resulted in the deletion of all the policies that had been listed on the page before the error occurred. The PAM session log showed the deletion of the policies starting at the same time that the new policy was created.
This problem is resolved in PAM 4.3. See the following item on the Resolved Issues in 4.3 page:
36563387 DE646364 PAM client deletes full page of policies after a filter error.
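To check whether an unpatched release was affected, look for the pattern described above: a burst of policy deletions logged for the same user at the same time as a policy creation. The following is an added example, not Broadcom code. The pipe-delimited record layout, the action names `POLICY_DELETE` and `POLICY_CREATE`, and the user names are assumptions, because this page does not show the real session log format; adapt `parse_line()` to your own log export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (timestamp|user|action|policy id). The layout and
# action names are hypothetical; the real PAM session log format differs.
SAMPLE_LOG = """\
2024-03-05T10:14:02|admin1|POLICY_DELETE|1001
2024-03-05T10:14:02|admin1|POLICY_DELETE|1002
2024-03-05T10:14:03|admin1|POLICY_DELETE|1003
2024-03-05T10:14:03|admin1|POLICY_CREATE|2001
2024-03-05T11:30:00|admin2|POLICY_DELETE|1500
2024-03-05T12:00:00|admin2|POLICY_CREATE|2002
"""

def parse_line(line):
    """Split one constructed record; replace with a parser for the real export."""
    ts, user, action, policy_id = line.strip().split("|")
    return datetime.fromisoformat(ts), user, action, policy_id

def find_suspect_saves(log_text, window_s=5, min_deletes=3):
    """Return one finding per policy creation that is accompanied by at least
    min_deletes deletions from the same user within window_s seconds."""
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, user, action, pid = parse_line(line)
            by_user[user].append((ts, action, pid))
    window = timedelta(seconds=window_s)
    findings = []
    for user, events in by_user.items():
        deletes = [(ts, pid) for ts, action, pid in events if action == "POLICY_DELETE"]
        for ts, action, pid in events:
            if action != "POLICY_CREATE":
                continue
            # Deletions logged close to this creation, before or after it.
            near = sorted(p for t, p in deletes if abs(t - ts) <= window)
            if len(near) >= min_deletes:
                findings.append({"user": user, "created": pid,
                                 "time": ts.isoformat(), "deleted": near})
    return findings

if __name__ == "__main__":
    for f in find_suspect_saves(SAMPLE_LOG):
        print(f"{f['time']} {f['user']}: created {f['created']}, "
              f"{len(f['deleted'])} deletions in same window: {f['deleted']}")
```

The policy IDs in each finding give the list of policies to review and restore. Set `min_deletes` close to the number of policies shown per page to reduce noise from ordinary cleanup work.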