Access Violation Administrator messages appear when users without write access to User objects log in using ECC

Document ID : KB000087979
Last Modified Date : 14/04/2018
Show Technical Document Details
Issue:
Affects Release version(s): 11

Error Message :
U00004519 Access violation details: Used filter: ' USER/XYZ/XYZ//////' .
U00004505 Access violation: User: 'XYZ/XYZ' Object: ' XYZ/XYZ' Access type: 'W' Reason: prohibition in authorization profile: 'XYZ/XYZ'.

In the Enterprise Control Center (ECC) the Admin receives the following Access Violation messages when a user logs on to the application without having access to ones User object or when opening an object to which no write access exists:
 
12.07.2016 09:27:23 - U00004519 Access violation details: Used filter: ' USER/XYZ/XYZ//////' .
12.07.2016 09:27:23 - U00004505 Access violation: User: 'XYZ/XYZ' Object: ' XYZ/XYZ' Access type: 'W' Reason: prohibition in authorization profile: 'XYZ/XYZ'.

When logging in to the Java User Interface (UI) no messages are printed.

Investigation
  1. Set the following Authorizations for a User:
0EMb0000001UqdR.png
  1.  Log in to ECC with the User and these rights settings
  2. Check the Logfiles (WP) - the Access violation messages are also inside
Another way to check this behavior:
  1. Set the following settings in the Java-UI for the Client via Options | Settings | Message Window:
Subscribed messages:
Set a checkmark at "Everything in the current Client"
Set a checkmark at "Administrator messages"
Set a checkmark at "Security messages"

 
0EMb0000001UqdW.png
  1. Additionally, set in the UC_CLIENT_SETTINGS of this user to the following:
SECURITY_AUDIT_FAILURE | HOST_ACCESS,LOGON,OBJECT_ACCESS,USER_PRIVILEGES

0EMb0000001Uqdb.png
  1. Login to ECC with the User
With this additional settings the output are also printed to the message window.
Environment:
OS Version: N/A
Cause:
Cause type:
Defect
Root Cause: Access violation messages displayed when they shouldn’t be: 1) when users with no write access to an object open it and 2) when users logged in to the AWI and have no write access to the User object.
Resolution:
Update to a fix version listed below or a newer version if available.

Fix Status: Released

Fix Version(s):
Automic Web Interface 12.0.2 - Available
Additional Information:
Workaround :
N/A