Investigating a "You are not authorized" error message
So, one of the HPSM admins is on vacation this week. And of course, we are having issues with a area he developed.
The area that is an issue is a setup where information about change tickets are being generated by software outside of HPSM. This info is written to files which are then processed as external events, which are read in and then inserted into the change tables.
3 weeks ago, the storage team retired a NAS. The HPSM input files being used for those events was on that device. While the storage team copied the files to the new device, one of the scripts that are used to process the files had a UNC with the old device's name.
Eventually someone noticed that the change records processed by the script were not appearing. We updated the paths in the script.
Now, however, a new issue has arisen. Each time one of these records are submitted, the record makes it into the event.in table, but instead of becoming a change record, we get this message:
You are not authorized to view this database.
I have no idea what this is in reference to. There is no further messages that tell me what is going wrong.
I don't understand exactly how this external event processing is supposed to work. But since the only thing in the script that changed was a path, and the actual record information is being seen - because it is in the event.in record - then I don't know how to fix things.
Can anyone provide any suggestions?
So the script in question, that gets the lines of input, puts them into a file, then calls the scfiled.exe command with appropriate parameters, is being executed as the system account used as admin for the system.
It doesn't seem like it should be possible for that account to be blocked from "viewing" a database.
Have you tried comparing the old event.in records against the new ones ? I was wondering whether there's a field like device name or submitted_by that is being checked or cause it to be process differently.
the user the script runs as has sysadmin profiles for all profiles and a security role of system administrator.
It has partial key, SysAdmin, SQLAdmin, SOAP API and user.favorites execute capabilities
Thank you for the suggestion regarding whether anything had changed between when it was working and now.
As far as I can tell, the records appear to be similarly filled out. Of course, the actual contents of the record differ since the changes being reported are different changes.
I'm uncertain that there is a specific capability word for change in that operator record; would I need to enter all capability words just to be safe?
It has the partial.key, SysAdmin, SQLAdmin, SOAP API, user favorites capability words.
So, how can I determine _what_ database is the issue?
For instance, logged on as the service account to HPSM, I am able to go to db > cm3r and perform searches and view tickets.
So if this message means that database, then I am confused as to why the event.in processing says that the account is not authorized to view the database, but the account can search and view the database from the GUI.
Any ideas on how I could determine more detail?
If you are running Service Manager 9.31 or higher then you can enable dynamic debugging on the event process and see what it's up to.
An RTM setting of 4 is usually enough. You can then set loose a file and see in the primary sm.log what's going on during processing.
Don't forget to set it to 0 afterwards.