search cancel

AdminUI Read Only Administrator cannot see the Identity Manager Roles in a Policy

book

Article ID: 6283

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

 Setting permission "Only View" to "myreadonlyadm" administrator, then when
 this administrator tries to see the users from a Policy (Users tab),
 then the AdminUI reports error :

 Insufficient rights. fetch, CA.SM::IMSEnvironment

 This happens for users which have IDM roles;

 Administrator "itviewmyriam"

 Workspace : no workspace
 Access Options : GUI

 If I login with siteminder super admin, then I can see those Identity Manager Roles objects
 attached to the Policy

Environment

Policy Server 12.52SP1CR02; AdminUI 12.52SP1CR02;

Cause

There's a limitation in the XPS code on the Policy Server side that doesn't allow the read-only administrator to view the Identity Manager Roles objects when linked to a given Domain Policy

Resolution

   Apply the CR06 to the Policy Server to fix this issue.
   And because the Policy Server runs CR06, you have to upgrade as well the AdminUI, Pre-req and Policy Store.
   The upgrade of the AdminUI only won't fix the issue.