AdminUI Read Only Administrator cannot see the Identity Manager Roles in a Policy

book

Article ID: 6283

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

 Setting permission "Only View" to "myreadonlyadm" administrator, then when
 this administrator tries to see the users from a Policy (Users tab),
 then the AdminUI reports error :

 Insufficient rights. fetch, CA.SM::IMSEnvironment

 This happens for users which have IDM roles;

 Administrator "itviewmyriam"

 Workspace : no workspace
 Access Options : GUI

 If I login with siteminder super admin, then I can see those Identity Manager Roles objects
 attached to the Policy

Cause

There's a limitation in the XPS code on the Policy Server side that doesn't allow the read-only administrator to view the Identity Manager Roles objects when linked to a given Domain Policy

Environment

Policy Server 12.52SP1CR02; AdminUI 12.52SP1CR02;

Resolution

   Apply the CR06 to the Policy Server to fix this issue.
   And because the Policy Server runs CR06, you have to upgrade as well the AdminUI, Pre-req and Policy Store.
   The upgrade of the AdminUI only won't fix the issue.