Authentication and Authorisation Issues
- Matthew Wren
ServiceManager requires the user to be appropriately authorised to use the system, and with the correct permissions for the action they are trying to perform. This section covers a number of previously seen errors when a user is attempting to interact with the system. Please check whether any of these Reason/Resolutions below are applicable to any reported issue prior to referring to ServicePower Support.
Â
The Problem
A user cannot logon to ServiceManager.
The Reason
There are a number of possible reasons why this user cannot logon to ServiceManager:
- ServiceOptimizer is not running
- ServiceOptimizer is running but the SOAP connection is incorrectly specified
- ServiceOptimizer is running but the user is not defined in SP085
- ServiceOptimizer is running but the user is presenting the wrong password
- ServiceOptimizer is running but the user is not enabled to use ServiceManager
The Resolution
Each of the above reasons will result in the user failing to authenticate correctly.
- ServiceManager authenticates its users via a SOAP call to ServiceOptimizer, so by necessity requires ServiceOptimizer to be executing.
- Specify the correct SOAP connectivity details.
- Add the user to SP085.
- Determine which password should be applied to this user (is it the database, SP085 or LDAP?)
- Set SP085.ENABLED to 1 for this user.
The Problem
The user can successfully logon to ServiceManager, but once authenticated is displayed nothing but the application's banner frame:
The Reason
ServiceManager relies on client side JavaScript to perform a number of its actions. Without JavaScript being enabled within the user's browser ServiceManager will not work and will display a warning message after authentication.
The Resolution
Enable JavaScript within the user's browser, consult the browser's documentation on how to achieve this.
The Problem
The user can successfully logon to ServiceManager, but once authenticated is displayed nothing but an empty menu:
The Reason
Whilst this user has been enabled to use ServiceManager he/she has not been given any ServiceManager roles, so consequently cannot perform any meaningful operations within the application.
The Resolution
Review the roles specified in SP808_ROLES, SP802_PERMISSION and SP801_ROLE_PERMISSIONS and allocate the appropriate role(s) in SP800 adding actual values for any required parameters in SP803_AUTH_ACTUAL_PARAMETERS and SP804_PERMISSION_PARAMETERS.
The Problem
The user can successfully logon to ServiceManager, but once authenticated either not all the expected menu items exist, or some functionality (such as being able to update some operative details) is not available. The user also sees the following warning message:
The Reason
The user experience within ServiceManager is controlled by a collection of predefined roles that can be assigned to the user. If the definition of these roles is incorrect then those entries are rejected, and made not available to the user, during the logon process. As a consequence ServiceManager functionality that is reliant upon this information will not be available to the user.
The Resolution
Review the roles specified in SP808_ROLES, SP802_PERMISSION and SP801_ROLE_PERMISSIONS and allocate the appropriate role(s) in SP800 adding actual values for any required parameters in SP803_AUTH_ACTUAL_PARAMETERS and SP804_PERMISSION_PARAMETERS.
The Problem
The user has logged on successfully and can perform a number of operations they'd expect to perform, however some expected menu operations are not available to that user.
The Reason
There are two possible reasons for this issue. Firstly the user may not have the appropriate role, or secondly the user has the correct role but the user values required for any parameter substitution have not been specified correctly. Incorrect set up of SP803_AUTH_ACTUAL_PARAMETERS / SP804_PERMISSION_PARAMETERS will result in those permissions requiring parameter substitution being removed from the user's authorisation policy.
See Roles and Permissions for details and a worked example.Â
The Resolution
Review the roles assigned to this user and modify as appropriate. Check that the SP803_AUTH_ACTUAL_PARAMETERS and SP804_PERMISSION_PARAMETERS tables have been set up correctly for the roles associated with this user.Â
The Problem
The user has logged on successfully and cannot perform all of the operations they'd expect to be able to.
The Reason
This is the same as the previous problem. In the preceding example the user believes that he is in charge of five FRUs, however cannot perform update operations of any FRU other than "ABC" because all the other entries are incorrect.
The Resolution
As with the preceding example, review the roles assigned to the user and the user values associated with any required parameters in the SP803_AUTH_ACTUAL_PARAMETERS and SP804_PERMISSION_PARAMETERS tables.