Actions taken by Users not Authorized receive "Error: U00000009 '&01': Access denied"
Article ID: 84783
Updated On:
Products
CA Automic Workload Automation - Automation Engine
AUTOMIC WORKLOAD AUTOMATION
Issue/Introduction
Error Message :
"Error: U00000009 '&01': Access denied"
"Error: U0000009 '&01': Access denied"
Whenever an Automic UserInterface User performs an action which it is not authorized to perform, the above error message is displayed.
The insert '&01' is replaced by the object name which casued the violation. Often it's not easy to determine which permission is missing in the details.
Investigation
"Error: U00000009 '&01': Access denied"
"Error: U0000009 '&01': Access denied"
Whenever an Automic UserInterface User performs an action which it is not authorized to perform, the above error message is displayed.
The insert '&01' is replaced by the object name which casued the violation. Often it's not easy to determine which permission is missing in the details.
Investigation
- A user wants to release a job manually via the activity window.
<Please see attached file for image>
But the message "Error: U0000009 'JOBS.WIN.NO$JCL': Access denied" is issued. Without the "Security audit failure" it's difficult to find out which authorization the user needs to own for this action, because no additional information is given.
<Please see attached file for image>
- Add the Key: 'SECURITY_AUDIT_FAILURE' and the Value 1: 'HOST_ACCESS LOGON OBJECT_ACCESS USER_PRIVILEGES' to the 'UC_CLIENT_SETTINGS' to activate the "Security audit failure" trace. It takes place immediately after the variable was saved, no restart is necessary.
Afterwards additional information is displayed in the message window.
Note: The message type of these messages is "security". So it's necessary to activate "security messages" within the messages window settings to see them.
4/27/2012 9:22:02 AM - U0004506 Access violation: User: 'TEST/NIX' Object: 'JOBS.WIN.NO$JCL' Access: 'M' Reason: No right found in authorization group '1'.
The U0004506 message contains the following information:
<Please see attached file for image>
Note: The message type of these messages is "security". So it's necessary to activate "security messages" within the messages window settings to see them.
<Please see attached file for image>
4/27/2012 9:22:02 AM - U0004506 Access violation: User: 'TEST/NIX' Object: 'JOBS.WIN.NO$JCL' Access: 'M' Reason: No right found in authorization group '1'.
The U0004506 message contains the following information:
- The user which caused the violation, 'TEST/NIX' in this example
- The object which was used by this user, 'JOBS.WIN.NO$JCL' in this example
- The specific access which is necessary for the action, but the user doesn't own, 'M' in this example
4/27/2012 9:22:02 AM - U0004519 Access violation details: Used filter: 'JOBS/JOBS.WIN.NO$JCL/VWGSUP11//LOGIN.PC0357///' .
The U0004519 message contains the filter used for the object access.
The U0004519 message contains the filter used for the object access.
Cause
Cause type:
By design
Root Cause: UserInterface authorizations prevent users from performing actions on objects that they are not authorized to access. Use the Security audit to determine which authorizations are required when access denied error is thrown.
By design
Root Cause: UserInterface authorizations prevent users from performing actions on objects that they are not authorized to access. Use the Security audit to determine which authorizations are required when access denied error is thrown.
Environment
OS Version: N/A
Resolution
Use the "Security audit" as it is an appropriate function to determine the details:
References
Automic Workload Automation 11.2 Documentation
Administration Guide > Configuration > Settings in Variables > UC_CLIENT_SETTINGS - Various Client Settings
Fix Status: No Fix
Fix Version(s):
N/A
- "Security audit failure" traces all authorization violations.
- "Security audit success" traces all successful authorization checks.
References
Automic Workload Automation 11.2 Documentation
Administration Guide > Configuration > Settings in Variables > UC_CLIENT_SETTINGS - Various Client Settings
Fix Status: No Fix
Fix Version(s):
N/A
Additional Information
Workaround :
N/A
N/A
Attachments
Feedback
Yes
No
Powered by
