Actions taken by Users not Authorized receive "Error: U00000009 '&01': Access denied"

book

Article ID: 84783

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

Error Message :
"Error: U00000009 '&01': Access denied"
"Error: U0000009 '&01': Access denied"

Whenever an Automic UserInterface User performs an action which it is not authorized to perform, the above error message is displayed.

The insert '&01' is replaced by the object name which casued the violation. Often it's not easy to determine which permission is missing in the details.  

Investigation
  • A user wants to release a job manually via the activity window.

<Please see attached file for image>

0EMb0000000IVJ2.png
But the message "Error: U0000009 'JOBS.WIN.NO$JCL': Access denied" is issued. Without the "Security audit failure" it's difficult to find out which authorization the user needs to own for this action, because no additional information is given.

<Please see attached file for image>

0EMb0000000IVJ7.png
  • Add the Key: 'SECURITY_AUDIT_FAILURE' and the Value 1: 'HOST_ACCESS LOGON OBJECT_ACCESS USER_PRIVILEGES' to the 'UC_CLIENT_SETTINGS' to activate the "Security audit failure" trace. It takes place immediately after the variable was saved, no restart is necessary.
Afterwards additional information is displayed in the message window.

<Please see attached file for image>

0EMb0000000IVJC.png
Note: The message type of these messages is "security". So it's necessary to activate "security messages" within the messages window settings to see them.

<Please see attached file for image>

0EMb0000000IVJH.png
4/27/2012 9:22:02 AM - U0004506 Access violation: User: 'TEST/NIX' Object: 'JOBS.WIN.NO$JCL' Access: 'M' Reason: No right found in authorization group '1'.
The U0004506 message contains the following information:
  • The user which caused the violation, 'TEST/NIX' in this example
  • The object which was used by this user, 'JOBS.WIN.NO$JCL' in this example
  • The specific access which is necessary for the action, but the user doesn't own, 'M' in this example
4/27/2012 9:22:02 AM - U0004519 Access violation details: Used filter: 'JOBS/JOBS.WIN.NO$JCL/VWGSUP11//LOGIN.PC0357///' .
The U0004519 message contains the filter used for the object access.

Cause

Cause type:
By design
Root Cause: UserInterface authorizations prevent users from performing actions on objects that they are not authorized to access. Use the Security audit to determine which authorizations are required when access denied error is thrown.

Environment

OS Version: N/A

Resolution

Use  the "Security audit" as it is an appropriate function to determine the details:
  • "Security audit failure" traces all authorization violations.
  • "Security audit success" traces all successful authorization checks.
The security audit can be set up differently for each Automic client via the UC_CLIENT_SETTINGS. More details on that can be found in the Automic Documentation.  See the references listed below.

References

Automic Workload Automation 11.2 Documentation
Administration Guide > Configuration > Settings in Variables > UC_CLIENT_SETTINGS - Various Client Settings


Fix Status: No Fix

Fix Version(s):
N/A

Additional Information

Workaround :
N/A

Attachments

1558704722418000084783_sktwi1f5rjvs16lox.png get_app
1558704719887000084783_sktwi1f5rjvs16low.png get_app
1558704717679000084783_sktwi1f5rjvs16lov.png get_app
1558704715668000084783_sktwi1f5rjvs16lou.png get_app