New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE
Highlighted
Absent Member.
Absent Member.
1801 views

Investigating a "You are not authorized" error message

So, one of the HPSM admins is on vacation this week. And of course, we are having issues with a area he developed.

 

The area that is an issue is a setup where information about change tickets are being generated by software outside of HPSM. This info is written to files which are then processed as external events, which are read in and then inserted into the change tables.

 

3 weeks ago, the storage team retired a NAS. The HPSM input files being used for those events was on that device. While the storage team copied the files to the new device, one of the scripts that are used to process the files had a UNC with the old device's name.

 

Eventually someone noticed that the change records processed by the script were not appearing. We updated the paths in the script.

 

Now, however, a new issue has arisen.  Each time one of these records are submitted, the record makes it into the event.in table, but instead of becoming a change record, we get this message:

You are not authorized to view this database.

 

I have no idea what this is in reference to. There is no further messages that tell me what is going wrong.

 

I don't understand exactly how this external event processing is supposed to work. But since the only thing in the script that changed was a path, and the actual record information is being seen - because it is in the event.in record - then I don't know how to fix things.

 

Can anyone provide any suggestions?

 

Thank you

 

0 Likes
15 Replies
Highlighted
Absent Member.
Absent Member.

So the script in question, that gets the lines of input, puts them into a file, then calls the scfiled.exe command with appropriate parameters, is being executed as the system account used as admin for the system.

 

It doesn't seem like it should be possible for that account to be blocked from "viewing" a database.

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Have you tried comparing the old event.in records against the new ones ? I was wondering whether there's a field like device name or submitted_by that is being checked or cause it to be process differently.

 

Highlighted
Absent Member.
Absent Member.

May be you can try searching username using which the integration is done. Give that user admin access and SOAP capability.

Highlighted
Absent Member.
Absent Member.

the user the script runs as has sysadmin profiles for all profiles and a security role of system administrator.

It has partial key, SysAdmin, SQLAdmin, SOAP API and user.favorites execute capabilities

0 Likes
Highlighted
Absent Member.
Absent Member.

Thank  you for the suggestion regarding whether anything had changed between when it was working and now.

 

As far as I can tell, the records appear to be similarly filled out. Of course, the actual contents of the record differ since the changes being reported are different changes.

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Event services is ancient and may still be looking for the change request capability word. Does the operator have that capalbity as well?

----------------------------------------------------
Kudos - what, where, how, and why
Want Good Answers? Ask Good Questions...
0 Likes
Highlighted
Absent Member.
Absent Member.

I'm uncertain that there is a specific capability word for change in that operator record; would I need to enter all capability words just to be safe?

 

It has the partial.key, SysAdmin, SQLAdmin, SOAP API, user favorites capability words.

0 Likes
Highlighted
Absent Member.
Absent Member.

so I added ChMAdmin as another capability word. We will see if it helps.

Thank you.

0 Likes
Highlighted
Absent Member.
Absent Member.

The error continues to occur after adding the ChMAdmin capability word to the service account's operator record

0 Likes
Highlighted
Absent Member.
Absent Member.

So, how can I determine _what_ database is the issue?

 

For instance, logged on as the service account to HPSM, I am able to go to db > cm3r and perform searches and view tickets.

 

So if this message means that database, then I am confused as to why the event.in processing says that the account is not authorized to view the database, but the account can search and view the database from the GUI.

 

Any ideas on  how I could determine more detail?

 

Thank you

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

If you are running Service Manager 9.31 or higher then you can enable dynamic debugging on the event process and see what it's up to.

 

An RTM setting of 4 is usually enough. You can then set loose a file and see in the primary sm.log what's going on during processing.

 

Don't forget to set it to 0 afterwards.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.