Summary
Access Denied exceptions in logger_server.log for NON_ADMIN users
Products
ArcSight Enterprise Security Manager (ESM)
Environment
ESM 7.4 and previous versions
Situation
In the User resource, users under "Default User Group" are granted read/write permissions to things that should only be handled by the Admin user.
Adding this permission generates a lot of exceptions in logger_server.log, like the ones below:
[WARN ][default.com.arcsight.server.ASXmlRpcHandler] During access to com.arcsight.server.resource.GroupBrokerSkel.getResourcesByIDs from <FQDN> (<IP>): com.arcsight.common.persist.AccessDeniedException: Access Denied: <NON_ADMIN_USER> is not allowed to read 01000100010001001 (All Users)
[ERROR][default.com.arcsight.server.Server$RpcErrorHandler]
com.arcsight.common.persist.AccessDeniedException: Access Denied: <NON_ADMIN_USER> is not allowed to read 01000100010001001 (All Users)
Resolution
Delete the permission with the following steps:
Open the ArcSight Console.
Click on Users in the resource tree.
Open the ACL for "Default User Group".
On the Resource tab, delete the permission on "/All Users/Administrators".
Then reach out to your Admin users to add the permissions properly.
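To see which non-admin users are generating these exceptions, and to confirm they stop once the permission is deleted, the WARN lines can be counted per user. The script below is an added example, not part of the original article or of ArcSight; the function names and the sample host, IP and user values are constructed, and the pattern assumes the WARN line format shown under Situation.

```python
import re
from collections import Counter

# Matches the WARN line format shown in this article. The ERROR line and the
# bare exception line that follow it repeat the same denial, so they are
# deliberately not matched to avoid double counting.
ACCESS_DENIED = re.compile(
    r"During access to (?P<method>\S+) from (?P<host>\S+) \((?P<ip>[^)]*)\): "
    r"com\.arcsight\.common\.persist\.AccessDeniedException: Access Denied: "
    r"(?P<user>.+?) is not allowed to (?P<action>\w+) "
    r"(?P<resource_id>\S+) \((?P<resource_name>[^)]*)\)"
)

def parse_access_denied(lines):
    """Return one dict per WARN-level AccessDeniedException line."""
    return [m.groupdict() for m in map(ACCESS_DENIED.search, lines) if m]

def summarize(lines):
    """Count denials per (user, action, resource name)."""
    return Counter(
        (r["user"], r["action"], r["resource_name"])
        for r in parse_access_denied(lines)
    )

# Constructed sample input: host names, IPs and user names are made up.
_WARN = (
    "[WARN ][default.com.arcsight.server.ASXmlRpcHandler] During access to "
    "com.arcsight.server.resource.GroupBrokerSkel.getResourcesByIDs from "
    "{host} ({ip}): com.arcsight.common.persist.AccessDeniedException: "
    "Access Denied: {user} is not allowed to read 01000100010001001 (All Users)"
)
SAMPLE_LOG = [
    _WARN.format(host="console01.example.test", ip="192.0.2.10", user="jdoe"),
    "[ERROR][default.com.arcsight.server.Server$RpcErrorHandler]",
    "com.arcsight.common.persist.AccessDeniedException: Access Denied: "
    "jdoe is not allowed to read 01000100010001001 (All Users)",
    _WARN.format(host="console02.example.test", ip="192.0.2.11", user="asmith"),
    _WARN.format(host="console01.example.test", ip="192.0.2.10", user="jdoe"),
]

if __name__ == "__main__":
    # To scan a real file: summarize(open("logger_server.log", errors="replace"))
    for (user, action, resource), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {user} denied {action} on {resource}")
```

Run it before and after removing the permission; the per-user counts for "All Users" should stop growing once the ACL entry is gone.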
URL Name
KM000010734