Symantec Access Management

  • Private Community
Back to discussions
Expand all | Collapse all

Tech Tip : CA Single Sign-On : AdminUI Read Only Administrator cannot see the Identity Manager Roles in a Policy

  • 1.  Tech Tip : CA Single Sign-On : AdminUI Read Only Administrator cannot see the Identity Manager Roles in a Policy

    Broadcom Employee
    Posted Apr 07, 2017 09:52 AM

    Issue:

     

     Setting permission "Only View" to "myreadonlyadm" administrator, then when
     this administrator tries to see the users from a Policy (Users tab),
     then the AdminUI reports error :

     

     Insufficient rights. fetch, CA.SM::IMSEnvironment

     

     This happens for users which have IDM roles;

     

     Administrator "itviewmyriam"

     

     Workspace : no workspace
     Access Options : GUI

     

     If I login with siteminder super admin, then I can see those Identity Manager Roles objects
     attached to the Policy

     

    Environment:


    Policy Server 12.52SP1CR02;

    AdminUI 12.52SP1CR02;

     

    Cause:

     

    There's a limitation in the XPS code on the Policy Server side that doesn't allow the read-only administrator to view the Identity Manager Roles objects when linked to a given Domain Policy

     

    Resolution:

     

       Apply the CR06 to the Policy Server to fix this issue.
       And because the Policy Server runs CR06, you have to upgrade as well the AdminUI, Pre-req and Policy Store.
       The upgrade of the AdminUI only won't fix the issue.

     

    KB : TEC1839654



  • 2.  Re: Tech Tip : CA Single Sign-On : AdminUI Read Only Administrator cannot see the Identity Manager Roles in a Policy

     
    Posted Apr 07, 2017 11:49 AM

    Thanks for providing this tip to the community Patrick!

    Tech Tip : CA Single Sign-On : AdminUI Read Only Administrator cannot see the Identity Manager Roles in a Policy