After Upgrading from r11.2 to r12.0 / r12.1 when trying to create a ticket using "maileater" the ticket does not get created. Instead the sender receives the following error -
AHD58045: Because of security restrictions, you are not allowed to complete this operation. Ask your security administrator for access. Cannot continue processing!
If you change the Access Type it works fine.
With advent of r12.0, one of the many features that were introduced to make the product ITIL V3 compliant was 'ROLES'. Having said this, a given Access Types can assume various roles. Also, an access type, generally can assume a default role, as defined by your Administrator.
After you migrate to r12.0 / r12.1 this feature comes into play, now due to security restriction, it could be possible that your administrator might have down-sized your Functional access levels, for the assigned role (Generally Default Role). As a part of this process Functional access for say 'Requests' could have been set to 'View'. This will stop you from creating tickets via Maileater functionality. Eventually returning you with the error -
AHD58045: Because of security restrictions, you are not allowed to complete this operation. Ask your security administrator for access. Cannot continue processing!.
stdlog will carry the following error -
08/20 08:39:52.03 ab-srvdesk01 spelsrvr 5716 SIGNIFICANT text_api.spl 2045 User (email@example.com) not authorized to modify factory (cr)
08/20 08:39:52.03 ab-srvdesk01 spelsrvr 5716 ERROR cr_chg_text_api.spl 1001 AHD58045: Because of security restrictions, you are not allowed to complete this operation. Ask your security administrator for access. Cannot continue processing!
To overcome this problem do the following -
- Identify the Access Type with which you are having problem.
- Log onto CA Service Desk Manager as administrator.
- Click on Administration Tab.
- On the Left Pane Expand the Security and Role Management Tree -> Click on Access Types -> Select the problematic Access Type.
- Once the Access Type Detail Window opens -> Click on '3. Roles' Tab.
- You will see there are one or more roles defined for this access type -> Select the default Role to Open the Role Detail screen.
- Click on '2. Function Access' Tab -> Check if the function access is restricted for the said ticket type (Let's assume Requests) to View / None.
Note: Function access for a ticket type can be set to Modify / View / None See definition for each below -
None: The role cannot access this function.
View: The role can view records in this area, but cannot modify / create.
Modify: The role can edit records in this area, which includes creation.
- Click on Edit and set it to 'Modify' using the drop down.
- Save and try again and you should be fine.
Note: Please do not confuse this with the Technical Document - TEC489206