To which version of 8.9 did you upgrade?
This is on the object Properties screen you do not see the info as expected?
My problem is I have auditors that used to be able to view the info on the right side below but now can only view the top level information on the left side.
Also they used to be able to view permissions on the Registry Keys, which they can no longer do.
The same problem is now happening under File System where they can no longer view permissions there either.
In live browse If they right click registry folder HKEY_LOCAL_MACHINE, they get an error dialog
Error getting ACL information from ServerName(MACHINE): Unknown error
When viewing the File System, the customer expands the file system and select Properties to view security information it's always blank however I can view the permissions with
my rbac role. The rule used to be able to view the permissions.
I'm trying to figure out what changed and how to get it back... if authorizations have to be updated..
1 of 1 people found this helpful
are there any errors in the appserver log or agent log when this happens ?
i can see the permissions on both objects just fine.
i would look at the permission differences between your roles along w/ any possible errors. turn one of the rscd agents here on debug mode and see if that shows anything useful. mapping to the right user, etc etc.
Looked at one of the servers this morning.
Tried the same approach with both my RBAC role and the Auditor role and attempted to get properties on HKEY_LOCAL_MACHINE.
RBAC worked fine.
Auditor role came back with an error dialog
Error getting ACL information from SERVERNAME(MACHINE): Unknown error
and the agent log file contained:
CM: command: "reg_scan -t4 -k" not authorized
CM: Error "2Not authorized to run this command " while executing command: reg_scan -t4 -k
CM: command: "win_acl get 4 MACHINE" not authorized
CM: Error "2Not authorized to run this command " while executing command: win_acl get 4 MACHINE
Both the RBAC Role and the Auditor role map to the same local user in the Role Agent ACL tab.
what's in the users or users.local for these two roles ?
in the role's list of permissions, how are they different ?
Users.local shows the following:
RBACRole ( This one works )
Auditor Role (This does not work)
the auditor role is trying to run a command (reg_scan) that it's not allowed to use. it's only allowed to run the commands after the 'commands' entry.
Looks like win_acl was the other missing component.
Bill.. as always thanks! Your help is much appreciated.