IBM Support

'The user currently logged in is not authorized to use this method' when creating new users due to duplicate user entries inside "Controller Administrators" group

Troubleshooting


Problem

User launches Controller and clicks on to 'Maintain - Rights - User'. User receives an error. After clicking OK, the user sees the user screen, but cannot view/change any other user's CAM usernames (for example "NAMESPACE\Username"). In other words, the field "Cam User" is blank (white) and the user cannot modify the settings for any user.

Symptom

Information
The user currently logged in is not authorized to use this method.
OK

Cause

There are many different potential causes for these symptoms.

  • For more examples of the "The user currently logged in is not authorized to use this method" error, see separate IBM Technote #1371155.
  • For more examples of the blank/white "Cam User" symptom, see separate IBM Technote #1578394.

This IBM Technote specifically relates to the scenario where the problem is caused by there being duplicate/similar user entries inside the Cognos security groups "Controller Administrators" and/or "Controller Users".
  • There is a known limitation of Controller where this functionality will not work

More Information:
In one real-life example, the customer was in the process of migrating from one Active Directory domain (e.g. "DOMAINOLD") to a new domain (e.g. "DOMAINNEW") and therefore the superuser had two user accounts ("DOMAINOLD\JohnSmith" and "DOMAINNEW\JohnSmith").
  • The system worked OK when either one (or the other) was a member of "Controller Administrators", but did not work when both were members of that group.

Resolving The Problem

Ensure that each user only has one entry listed in each of the following Cognos groups:

  • Controller Administrators
  • Controller Users

Specifically, you must not have two (or more) users (in either of those Security groups) whose Active Directory accounts have the same value for the setting "User logon name (pre-Windows 2000)".

Steps:

  1. Launch Cognos Connection (http://servername/ibmcognos)
  2. Click "IBM Cognos Administration"
  3. Click tab "security"
  4. Open namespace "Cognos"
  5. Click "Properties" for 'Controller Administrators'
  6. Click "Members"
  7. Ensure that there are NOT two entries (probably for the same user e.g. "John Smith") which have the same userID (e.g. "SMITHJ") but in different Active Directory domains.
  8. Repeat the above for the Cognos group "Controller Users".

NOTE: If you have two similar entries, then change one of the user's setting (inside Active Directory, specifically "Active Directory Users and Computers") so that the values for the setting "User logon name (pre-Windows 2000)" are unique:


[{"Product":{"code":"SS9S6B","label":"IBM Cognos Controller"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Controller","Platform":[{"code":"PF033","label":"Windows"}],"Version":"10.1.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
15 June 2018

UID

swg21620794

Page Feedback