Running CADSMCMD commands as a user who is not an Administrator on the Domain Manager fails. What permissions need to be granted to the user in ITCM Security Profiles to allow that user to run CADSMCMD commands?


Article ID: 50340


Updated On:

Products

CA Automation Suite for Data Centers - Configuration Automation
CA Client Automation - Asset Management
CA Client Automation - IT Client Manager
CA Client Automation
CA Client Automation - Remote Control
CA Client Automation - Asset Intelligence
CA Client Automation - Desktop Migration Manager
CA Client Automation - Patch Manager
CA Server Automation

Issue/Introduction

Description:

When trying to run CADSMCMD commands as a user who is not an ITCM Administrator and/or does not have Full Control on all objects in their ITCM Security profile, the command fails with the error below:

Connecting to manager "<default manager>" as user "<default user>" ...
SDCMD<CMD000109>: Session establishment failed CLI_CO_DOMAIN_NAME.

The user may have the appropriate permissions to perform the same action from the DSM Explorer, but the CADSMCMD command still fails.

For example, to add a computer to a group in the DSM Explorer, the permissions shown in Figure 1 are needed. However, using the CADSMCMD command to move a computer to a group with these same permissions will fail with the error above.

<Please see attached file for image>

Figure 1

Below is the sample command for this use case and the resulting error message:

C:\Users\test>cadsmcmd compgroup action=add name=GroupName computer=ComputerName
CA IT Client Manager r12
ITCM Command Line Version 12.5.0.2307
Copyright (c) 2010 CA. All rights reserved.

Trace mode: Off

Connecting to manager "<default manager>" as user "<default user>" ...
SDCMD<CMD000109>: Session establishment failed CLI_CO_DOMAIN_NAME.

What other Object Level Permissions are needed for the user's Security Profile?

Solution:

The key object where permissions are needed to use the CADSMCMD command line utility, besides the permissions needed to perform the same action in the DSM Explorer, is the "Database Credentials" Object.

You will need at least "Manage" permissions on the "Database Credentials" object for the user's Security Profile, along with whatever other permissions are needed to perform that same action from the DSM Explorer. Most of these permissions are documented in the "CA IT Client Manager: Object Level Security Best Practices" Greenbook, which is available as an attachment to this technical document.

For example, in the use case above, to add a computer to a group using the CADSMCMD command you would need the same permissions as shown above, plus the added "Database Credentials" permission shown below.

<Please see attached file for image>

Figure 2

The successful command output will look like the following once the permissions are set correctly.

C:\Users\test>cadsmcmd compgroup action=add name=GroupName computer=ComputerName
CA IT Client Manager r12
ITCM Command Line Version 12.5.0.2307
Copyright (c) 2010 CA. All rights reserved.

Trace mode: Off

Connecting to manager "<default manager>" as user "<default user>" ...OK.
Manager: DomainManagerName
Domain: DomainName
Domain type: Domain
Supporting: CO CCNF USD OSIM AM

%CAOP_E_504, Console daemon on node DomainManagerName not receiving. Friday, May 06, 20
11 10:23:02 AM

SDCMD<A000000>: OK
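
The following is an added example, not part of the original article and not CA's own tooling: a Python check that classifies captured CADSMCMD output, so a delegated (non-Administrator) account can be validated after the Security Profile change instead of being given Administrator rights. The helper name `classify_cadsmcmd` and the hint text are assumptions; the sample transcripts are copied from the output shown in this article.

```python
import re

# Line formats as they appear in the two transcripts in this article.
CONNECT_RE = re.compile(
    r'^Connecting to manager "([^"]*)" as user "([^"]*)" \.\.\.[ \t]*(OK\.)?', re.M)
STATUS_RE = re.compile(r"^SDCMD<([A-Z0-9]+)>:[ \t]*(.*)$", re.M)
FIELD_RE = re.compile(r"^(Domain type|Manager|Domain|Supporting):[ \t]*(.+)$", re.M)

def classify_cadsmcmd(transcript):
    """Summarise one captured CADSMCMD run (hypothetical helper)."""
    connect = CONNECT_RE.search(transcript)
    statuses = STATUS_RE.findall(transcript)
    # The last SDCMD<...> line carries the final result of the command.
    code, message = statuses[-1] if statuses else (None, None)
    result = {
        "connected": bool(connect and connect.group(3)),
        "status": code,
        "message": message.strip() if message else None,
        "session": {k: v.strip() for k, v in FIELD_RE.findall(transcript)},
        "hint": None,
    }
    # Per this article: a session failure for a non-Administrator user points at
    # missing "Manage" permission on the "Database Credentials" object.
    if code == "CMD000109" and not result["connected"]:
        result["hint"] = ('Grant at least "Manage" on the "Database Credentials" '
                          "object in the user's Security Profile")
    return result

# Transcripts copied from the output shown in this article.
FAILED_RUN = '''Connecting to manager "<default manager>" as user "<default user>" ...
SDCMD<CMD000109>: Session establishment failed CLI_CO_DOMAIN_NAME.
'''
OK_RUN = '''Connecting to manager "<default manager>" as user "<default user>" ...OK.
Manager: DomainManagerName
Domain: DomainName
Domain type: Domain
Supporting: CO CCNF USD OSIM AM

SDCMD<A000000>: OK
'''

if __name__ == "__main__":
    for name, run in (("failed", FAILED_RUN), ("ok", OK_RUN)):
        print(name, classify_cadsmcmd(run))
```

Feed it the captured console output of a test command run as the delegated user; a `CMD000109` status with no established session is the case this article resolves with the "Database Credentials" permission.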

Environment

Release: UASIT.99000-12.5-Asset Intelligence
Component:

Attachments

1558698675746000050340_sktwi1f5rjvs16od2.gif
1558698673540000050340_sktwi1f5rjvs16od1.gif
1558535215552TEC546743.zip