ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Actions taken by Users not Authorized receive "Error: U00000009 '&01': Access denied"

book

Article ID: 84783

calendar_today

Updated On:

Products

CA Automic One Automation

Issue/Introduction

Error Message :
"Error: U00000009 '&01': Access denied"
"Error: U0000009 '&01': Access denied"

Whenever an Automic UserInterface User performs an action which it is not authorized to perform, the above error message is displayed.

The insert '&01' is replaced by the object name which casued the violation. Often it's not easy to determine which permission is missing in the details.  

Investigation

  • A user wants to release a job manually via the activity window.

But the message "Error: U0000009 'JOBS.WIN.NO$JCL': Access denied" is issued. Without the "Security audit failure" it's difficult to find out which authorization the user needs to own for this action, because no additional information is given.

  • Add the Key: 'SECURITY_AUDIT_FAILURE' and the Value 1: 'HOST_ACCESS LOGON OBJECT_ACCESS USER_PRIVILEGES' to the 'UC_CLIENT_SETTINGS' to activate the "Security audit failure" trace. It takes place immediately after the variable was saved, no restart is necessary.
Afterwards additional information is displayed in the message window.


Note: The message type of these messages is "security". So it's necessary to activate "security messages" within the messages window settings to see them.


4/27/2012 9:22:02 AM - U0004506 Access violation: User: 'TEST/NIX' Object: 'JOBS.WIN.NO$JCL' Access: 'M' Reason: No right found in authorization group '1'.
The U0004506 message contains the following information:
  • The user which caused the violation, 'TEST/NIX' in this example
  • The object which was used by this user, 'JOBS.WIN.NO$JCL' in this example
  • The specific access which is necessary for the action, but the user doesn't own, 'M' in this example
4/27/2012 9:22:02 AM - U0004519 Access violation details: Used filter: 'JOBS/JOBS.WIN.NO$JCL/VWGSUP11//LOGIN.PC0357///' .
The U0004519 message contains the filter used for the object access.

Cause

Cause type:
By design
Root Cause: UserInterface authorizations prevent users from performing actions on objects that they are not authorized to access. Use the Security audit to determine which authorizations are required when access denied error is thrown.

Environment

Component: Automic Automation

OS Version: N/A

Resolution

Use  the "Security audit" as it is an appropriate function to determine the details:

  • "Security audit failure" traces all authorization violations.
  • "Security audit success" traces all successful authorization checks.

The security audit can be set up differently for each Automic client via the UC_CLIENT_SETTINGS. More details on that can be found in the Automic Documentation.  See the references listed below.

References

Automic Workload Automation Documentation
Administration Guide > Configuration > Settings in Variables > UC_CLIENT_SETTINGS - Various Client Settings

Fix Status: No Fix

Fix Version(s):
N/A

Additional Information

Workaround :
N/A

Attachments

Powered by Wolken Software