Document toolboxDocument toolbox

14.1 Authentication and Authorisation Issues

ServiceManager requires the user to be appropriately authorised to use the system, and with the correct permissions for the action they are trying to perform. This section covers a number of previously seen errors when a user is attempting to interact with the system. Please check whether any of these Reason/Resolutions below are applicable to any reported issue prior to referring to ServicePower Support.

 

User Cannot Logon

 

The Problem

A user cannot logon to ServiceManager.

The Reason

There are a number of possible reasons why this user cannot logon to ServiceManager:

  1. ServiceOptimizer is not running
  2. ServiceOptimizer is running but the SOAP connection is incorrectly specified
  3. ServiceOptimizer is running but the user is not defined in SP085
  4. ServiceOptimizer is running but the user is presenting the wrong password
  5. ServiceOptimizer is running but the user is not enabled to use ServiceManager

The Resolution

Each of the above reasons will result in the user failing to authenticate correctly.

  1. ServiceManager authenticates its users via a SOAP call to ServiceOptimizer, so by necessity requires ServiceOptimizer to be executing.
  2. Specify the correct SOAP connectivity details.
  3. Add the user to SP085.
  4. Determine which password should be applied to this user (is it the database, SP085 or LDAP?)
  5. Set SP085.ENABLED to 1 for this user.

User Can Login but the Menu is Empty

 

The Problem

The user can successfully logon to ServiceManager, but once authenticated is displayed nothing but the application's banner frame:

The Reason

ServiceManager relies on client side JavaScript to perform a number of its actions.  Without JavaScript being enabled within the user's browser ServiceManager will not work and will display a warning message after authentication.

The Resolution

Enable JavaScript within the user's browser, consult the browser's documentation on how to achieve this.

User Can Login but Has No Meaningful Menu

 

The Problem

The user can successfully logon to ServiceManager, but once authenticated is displayed nothing but an empty menu:

The Reason

Whilst this user has been enabled to use ServiceManager he/she has not been given any ServiceManager roles, so consequently cannot perform any meaningful operations within the application.

The Resolution

Review the roles specified in SP808_ROLES, SP802_PERMISSION and SP801_ROLE_PERMISSIONS and allocate the appropriate role(s) in SP800 adding actual values for any required parameters in SP803_AUTH_ACTUAL_PARAMETERS and SP804_PERMISSION_PARAMETERS.

User Can Login and Perform some, but not all, Expected Operations

 

The Problem

The user can successfully logon to ServiceManager, but once authenticated either not all the expected menu items exist, or some functionality (such as being able to update some operative details) is not available.  The user also sees the following warning message:

The Reason

The user experience within ServiceManager is controlled by a collection of predefined roles that can be assigned to the user.  If the definition of these roles is incorrect then those entries are rejected, and made not available to the user, during the logon process.  As a consequence ServiceManager functionality that is reliant upon this information will not be available to the user.

The Resolution

Review the roles specified in SP808_ROLES, SP802_PERMISSION and SP801_ROLE_PERMISSIONS and allocate the appropriate role(s) in SP800 adding actual values for any required parameters in SP803_AUTH_ACTUAL_PARAMETERS and SP804_PERMISSION_PARAMETERS.

User Cannot See All Expected Menu Items

 

The Problem

The user has logged on successfully and can perform a number of operations they'd expect to perform, however some expected menu operations are not available to that user.

The Reason

There are two possible reasons for this issue.  Firstly the user may not have the appropriate role, or secondly the user has the correct role but the user values required for any parameter substitution have not been specified correctly.  Incorrect set up of SP803_AUTH_ACTUAL_PARAMETERS / SP804_PERMISSION_PARAMETERS will result in those permissions requiring parameter substitution being removed from the user's authorisation policy.

See 14.1 Roles and Permissions for details and a worked example. 

The Resolution

Review the roles assigned to this user and modify as appropriate.  Check that the SP803_AUTH_ACTUAL_PARAMETERS and SP804_PERMISSION_PARAMETERS tables have been set up correctly for the roles associated with this user. 

User Cannot Perform All Expected Operations

 

The Problem

The user has logged on successfully and cannot perform all of the operations they'd expect to be able to.

The Reason

This is the same as the previous problem.  In the preceding example the user believes that he is in charge of five FRUs, however cannot perform update operations of any FRU other than "ABC" because all the other entries are incorrect.

The Resolution

As with the preceding example, review the roles assigned to the user and the user values associated with any required parameters in the SP803_AUTH_ACTUAL_PARAMETERS and SP804_PERMISSION_PARAMETERS tables.