login as a user in the RBACAdmins role. RBACAdmins (the role) has implicit Read and ModifyACLs on all objects.
As long as the RBACAdmin role is still on the device you should be able to do it with that. I.e. Reassign the BLAdmin...
If not, I strongly suggest to call support and ask them for help on this.
We had a lot of issues around this, and simply going into the DB could make things worse.
RBACAdmins will always have *.ModifyACLs and *.Read, no matter what auths are defined in the role and what permissions are set on the objects.
BLAdmins will always have *.Read no matter what auths are defined in the role and what permissions are on the objects.
but, in our case we had devices and systempackages loosing ALLauthorisations and we were unable to fix this without support intervention.
yeah, in that case, call support. typically rbacadmins can do this, but situations like this can happen.
ok now i have tried it several different ways from the Console...
i right clicked on the device and choose update permissions...
in the window i recive
\Finding objects to update ...
ACL update failed 00-50-56-B3-37-36 - Access Denied Device.ModifyProperties on 00-50-56-B3-37-36
Update permissions complete
the Audit trail shows Device.ModifyACL Access allowed but no change in the permissions on the device.
I tried selecting the device and clicking the Add button on the ACL tab of the Permissions View.
I recive the access denied error i took the screen shot of..
I will call support but There needs to be a documented method to fix this issue...If it happens once it will happen again.
what version of bladelogic are you running? did you get this resolved?
Was this resolved? We are currently on version 8.0 SP5. We are having the exact same issue with Devices. RBACAdmin users can't modify the ACL on the device so it can't be deleted. We currently have a case open with support. I will report what I find if the resolution is not posted here.
Would deleting the device via BLcli help?
blcli -v defaultProfile ProvisionDevice getStateByMacAddress <MAC-address>
blcli -v defaultProfile ProvisionDevice deletePMDevice <MAC-address>
We tried this here as well and if the problem Chris has, has the same root cause it won't work.
The solution in the end was a DB fix, but this is a call support will make.
Chris, did you get anywhere with Support?