Actions taken by Users not Authorized receive "Error: U00000009 '&01': Access denied"

Document ID : KB000084783
Last Modified Date : 14/04/2018
Show Technical Document Details
Issue:
Error Message :
"Error: U00000009 '&01': Access denied"
"Error: U0000009 '&01': Access denied"

Whenever an Automic UserInterface User performs an action which it is not authorized to perform, the above error message is displayed.

The insert '&01' is replaced by the object name which casued the violation. Often it's not easy to determine which permission is missing in the details.  

Investigation
  • A user wants to release a job manually via the activity window.
0EMb0000000IVJ2.png
But the message "Error: U0000009 'JOBS.WIN.NO$JCL': Access denied" is issued. Without the "Security audit failure" it's difficult to find out which authorization the user needs to own for this action, because no additional information is given.
0EMb0000000IVJ7.png
  • Add the Key: 'SECURITY_AUDIT_FAILURE' and the Value 1: 'HOST_ACCESS LOGON OBJECT_ACCESS USER_PRIVILEGES' to the 'UC_CLIENT_SETTINGS' to activate the "Security audit failure" trace. It takes place immediately after the variable was saved, no restart is necessary.
Afterwards additional information is displayed in the message window.
0EMb0000000IVJC.png
Note: The message type of these messages is "security". So it's necessary to activate "security messages" within the messages window settings to see them.

0EMb0000000IVJH.png
4/27/2012 9:22:02 AM - U0004506 Access violation: User: 'TEST/NIX' Object: 'JOBS.WIN.NO$JCL' Access: 'M' Reason: No right found in authorization group '1'.
The U0004506 message contains the following information:
  • The user which caused the violation, 'TEST/NIX' in this example
  • The object which was used by this user, 'JOBS.WIN.NO$JCL' in this example
  • The specific access which is necessary for the action, but the user doesn't own, 'M' in this example
4/27/2012 9:22:02 AM - U0004519 Access violation details: Used filter: 'JOBS/JOBS.WIN.NO$JCL/VWGSUP11//LOGIN.PC0357///' .
The U0004519 message contains the filter used for the object access.
Environment:
OS Version: N/A
Cause:
Cause type:
By design
Root Cause: UserInterface authorizations prevent users from performing actions on objects that they are not authorized to access. Use the Security audit to determine which authorizations are required when access denied error is thrown.
Resolution:
Use  the "Security audit" as it is an appropriate function to determine the details:
  • "Security audit failure" traces all authorization violations.
  • "Security audit success" traces all successful authorization checks.
The security audit can be set up differently for each Automic client via the UC_CLIENT_SETTINGS. More details on that can be found in the Automic Documentation.  See the references listed below.

References

Automic Workload Automation 11.2 Documentation
Administration Guide > Configuration > Settings in Variables > UC_CLIENT_SETTINGS - Various Client Settings


Fix Status: No Fix

Fix Version(s):
N/A
Additional Information:
Workaround :
N/A