DUAS6: commands returns error: "abandon" or "Access denied error"

Document ID : KB000112625
Last Modified Date : 31/08/2018
Show Technical Document Details
Issue:
Some commands like "uxordre" or "uxadd fla" fail when launched the command as a specific username.
Same commands work when launched as the Dollar Universe Administrator / root or some specific users.

Example of the command that fails when launched as username:

$UXEXE/uxordre tsk=TASKNAME mu=MUNAME param=test
(Technical info is absent: abandon)
or
 (Abandon par manque d'informations techniques) 

Or:
$UXEXE/uxadd fla tsk=TASKNAME mu=MUNAME pdate=08/01/2018
 Command : uxadd fla tsk=TASKNAMEmu=MUNAME pdate=08/01/2018 exlw=(0000,0000) nseq=0000   vses=000 vupr=000 noforce nocentral norestart nobypass nopartage vartsk
Access denied error
command in error!!
Environment:
Dollar Universe 6, any OS
Cause:
The System User Pattern (proxy) is mapped to a Group that does not have enough permissions to execute the required Operation.

In order to find the root cause, the main log level needs to be increased to 0,SECURITY so that we can see what specific "Role" has been used and what permission is denied.

Example:
  • Increase the Main Log Level to 0,SECURITY via UVC or via the command line
unisetvar U_LOG_LEVEL 0,SECURITY
  • Then relaunch the command that fails and check the universe.log, you shoud see the following kind of lines that should tell you which Role / Permission is provoking the error:
|TRACE|X|IO |pid=p.t| owls_init_client          | Client uxordre proxy is: [SYS] [hostname\username]
|TRACE|X|IO |pid=p.t| getSecurity               | 25 security patterns available
...
|TRACE|X|IO |pid=p.t| IsMatchProxyFilter        | System user HOSTNAME\USERNAME matches pattern */*\*
|TRACE|X|IO |pid=p.t| getSecurity               | Client uxordre username on hostname.domain has 4 security roles
...
|INFO |X|IO |pid=p.t| o_check_security          | GRANTED ACCESS: role(DUAS TST600/X Read-only) -> this is the role that corresponds to the username that launched the command
|INFO |X|IO |pid=p.t| owls_check_security       | Security denied for OBJ(LAUNCH) OPER(CREATE) -> this is the operation that is denied due to the role applied
Resolution:
By default, when UVMS is installed, there is a default System User Pattern that allows Operators operations to every System User.

Default System User Pattern

Sometimes, Dollar Universe Admins prefer to restrict this permissions and assign the group "Read-Only Users".

As a result, unless a specific "System User Pattern" is created for the user that should launch commands like "uxadd fla / uxordre..." and mapped to a Group with Roles that allow it, the commands will fail.

To fix it, create a "System User Pattern" for the user that will launch the command, here you have an example where we will map the user called "username" to the group "Operators":
User-added image

Then perform a "Full Synchronization" of the node so that this new proxy is pushed to the node.
Full Sync

Finally, relaunch the command that was failing, this time it should work.