Non-admin EEM users cannot login to AAI after 24.x upgrade
search cancel

Non-admin EEM users cannot login to AAI after 24.x upgrade

book

Article ID: 422910

calendar_today

Updated On:

Products

Automation Analytics & Intelligence

Issue/Introduction

Non-admin EEM domain users cannot log in to the AAI interface after upgrading to version 24.x

 

ERROR MESSAGE: The jaws.log file contains multiple warnings: "WARN [EIAMServerConnection] JAWS resource class not found in eIAM: 'Report'; all access checks for this class will be denied"

SYMPTOMS:

  • Domain users without administrative privileges fail to authenticate.

  • Log entries indicate missing JAWS resource classes (Report, UserProfile, SimulationStatus, Telemetry, SystemPreferences).

  • Access checks for these classes are automatically denied by eIAM.

 

CONTEXT: This occurs immediately following an upgrade to any AAI 24.x release prior to 24.4.

Environment

 

  • Product: AAI 24.x

  • Authentication: Eiam (EEM)

  • User Type: Non-admin domain users

 

Resolution

This is targeted to be fixed in AAI 24.4.


In order to work around this before 24.4, follow the steps below:

 

  1. ACCESS EEM POLICIES

    Log in to EEM using the AAI application context. Navigate to the "Manage Access Policies" tab.

  2. MODIFY "Simple login policy"

    Select JAWSApplication under the Access Policies section. Click on Simple login policy.

     

  3. UPDATE PERMISSIONS FOR JAWSUsers

    Locate the JAWSUsers group (or the specific affected user). Ensure runThinClient is enabled. Enable the following additional permissions:

    • runCommandLine

    • runImportExport

  4. VERIFY ACCESS

    Wait 5 minutes for policy propagation. Attempt to log in to AAI with a non-admin account.

 

Powered by Wolken Software