Knowledge Doc: [ESM] Access Denied exceptions in logger_server.log for NON_ADMIN users

0 Likes

Summary
Access Denied exceptions in logger_server.log for NON_ADMIN users

Products
ArcSight Enterprise Security Manager (ESM)

Environment
ESM 7.4 and previous versions

Situation
In the User resource, one grants users under "Default User Group" read/write permissions to thigs that should only be handled by the Admin user.
Adding this permission, would generate a lot of exceptions in the logger_server.log, like the one below:

[WARN ][default.com.arcsight.server.ASXmlRpcHandler] During access to com.arcsight.server.resource.GroupBrokerSkel.getResourcesByIDs from <FQDN> (<IP>): com.arcsight.common.persist.AccessDeniedException: Access Denied: <NON_ADMIN_USER> is not allowed to read 01000100010001001 (All Users)
[ERROR][default.com.arcsight.server.Server$RpcErrorHandler]
com.arcsight.common.persist.AccessDeniedException: Access Denied: <NON_ADMIN_USER> is not allowed to read 01000100010001001 (All Users)

Resolution
Delete the permission with the following steps:
Open Arcsight Console
Click on Users in the resource tree
Open the ACL for “Default User Group”.
On the Resource tab, delete the permission on “/All Users/Administrators"
Then reach out to your Admin users to add the permissions properly.


Knowledge Base Article Link


URL Name
KM000010734

Labels:

Support Tips/Knowledge Docs
Related
Recommended