Did you give BLAdmin2 role read access directly on the BLAdmins role object? Check the “permissions” tab to see if BLAdmin2 is there. RBACAdmins is the only role that has authorizations on roles without actually having direct access via the object.
Also, I would suggest running the script as RBACAdmins outside without a job using an NSH Proxy. Unless you plan on running this many times, there is no need to have it as a job.
BLAdmins2 DepotFolder.*
BLAdmins2 NSHScript.*
BLAdmins2 JobFolder.*
BLAdmins2 NSHScriptJob.*
And of course on FS/Target server I have an entry in users file:
Did you give the BLAdmin2 role Role.Read on the BLAdmins role object in RBAC?
The error for BLAdmin2 is clear, Role.Read on BLAdmins role object is missing for the current role running the job/script. It’s purely an RBAC error.
Yes I did.
I worked around this. I've just moved from GUI to NSH and I've added NSH_Proxy.Connect authorizations to RBACAdmins and run the NSH script using the RBACAdmins:RBACAdmin user.
As Tim mentioned, you did not give BLAdmins2 authorizations to perform RBAC authorizations and you did not grant BLAdmins2 authorizations on the role you are trying to modify. Granting DepotFolder, JobFolder and NSHScript authorizations is not going to have any effect if you are trying to modify a ROLE.
You need to authenticate as a member of RBACAdmins (as you seem to have done) and run your blcli commands, and you don't necessarily need to have NSH_Proxy.Connect authorizations to run blcli commands either...
This is not a workaround - you were trying to run something as a role that did not have permissions to do what you were trying to do. RBAC is working properly.
I am trying to reset a user password through a blcli and the role in blcli is RBAC. But on running the job it's throwing an error of Access Denied User.SetPassword
Is any other permission required on the RBAC role? Please suggest.
That is where you need to check the current permission on the user. If it was initially created with RBAC role it would be RBAC.* permission and if you try to reset password through BLAdmin role, you need to assign User.SetPassword authorization.
Hope this works !!
Will check and let you know the results :-)