Access Violation Administrator messages appear when users without write access to User objects log in using ECC

book

Article ID: 87979

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine AUTOMIC WORKLOAD AUTOMATION

Issue/Introduction

Affects Release version(s): 11

Error Message :
U00004519 Access violation details: Used filter: ' USER/XYZ/XYZ//////' .
U00004505 Access violation: User: 'XYZ/XYZ' Object: ' XYZ/XYZ' Access type: 'W' Reason: prohibition in authorization profile: 'XYZ/XYZ'.

In the Enterprise Control Center (ECC) the Admin receives the following Access Violation messages when a user logs on to the application without having access to ones User object or when opening an object to which no write access exists:
 
12.07.2016 09:27:23 - U00004519 Access violation details: Used filter: ' USER/XYZ/XYZ//////' .
12.07.2016 09:27:23 - U00004505 Access violation: User: 'XYZ/XYZ' Object: ' XYZ/XYZ' Access type: 'W' Reason: prohibition in authorization profile: 'XYZ/XYZ'.

When logging in to the Java User Interface (UI) no messages are printed.

Investigation
  1. Set the following Authorizations for a User:

<Please see attached file for image>

0EMb0000001UqdR.png
  1.  Log in to ECC with the User and these rights settings
  2. Check the Logfiles (WP) - the Access violation messages are also inside
Another way to check this behavior:
  1. Set the following settings in the Java-UI for the Client via Options | Settings | Message Window:
Subscribed messages:
Set a checkmark at "Everything in the current Client"
Set a checkmark at "Administrator messages"
Set a checkmark at "Security messages"

 

<Please see attached file for image>

0EMb0000001UqdW.png
  1. Additionally, set in the UC_CLIENT_SETTINGS of this user to the following:
SECURITY_AUDIT_FAILURE | HOST_ACCESS,LOGON,OBJECT_ACCESS,USER_PRIVILEGES

<Please see attached file for image>

0EMb0000001Uqdb.png
  1. Login to ECC with the User
With this additional settings the output are also printed to the message window.

Cause

Cause type:
Defect
Root Cause: Access violation messages displayed when they shouldn’t be: 1) when users with no write access to an object open it and 2) when users logged in to the AWI and have no write access to the User object.

Environment

OS Version: N/A

Resolution

Update to a fix version listed below or a newer version if available.

Fix Status: Released

Fix Version(s):
Automic Web Interface 12.0.2 - Available

Additional Information

Workaround :
N/A

Attachments

1558692530112000087979_sktwi1f5rjvs16lqx.png get_app
1558692528378000087979_sktwi1f5rjvs16lqw.png get_app
1558692525565000087979_sktwi1f5rjvs16lqv.png get_app