IBM Support

A group manager for IBM Business Process Manager (BPM) cannot assign or re-assign tasks to users from an external security provider

Troubleshooting


Problem

When a group manager attempts to assign a task to a user, a "You are not authorized to perform the 'assign' action" or "You are not authorized to reassign the task to this user" message is seen.

Symptom

The previous error messages are seen when the group manager attempts to assign a task to a user under the following conditions:

  • The user is a a newly created user for an external security provider.

  • The user is an existing user from an external security provider who has never logged onto the Process Portal, Process Admin Console, and so on.

  • The user belongs to an external security provider whose group membership has recently changed.


Because the user exists under one of these conditions, the group memberships or the updates for the user are not yet available or registered in the IBM Business Process Manager database. If you attempt to use the "Full Synchronize" option in the Process Admin Console, it does not synchronize the group membership information for a user; only user IDs are synchronized. Groups are synchronized during the start up process for a server or cluster member. However, user information and group membership information is not updated.

Cause

Group membership information for an external security provider is only available in IBM Business Process Manager when the user logs into the Process Portal, Process Admin Console, and so on. Because the group membership information is either not available or is incorrect, when you attempt to assign or reassign a task to a user from an external security provider, you see one of the following error messages:

  • "You are not authorized to perform the 'assign' action"

  • "You are not authorized to reassign the task to this user"

Resolving The Problem

To resolve the issue, you can update the group membership information for users from an external security provider using one of the following methods:

  • Have the user from the external security provider log into the Process Portal or the Process Admin Console.

  • Use a REST API with the user from the external security provider.

  • Use a web service API with the user from the external security provider.

  • Version 8.5:
    • For specific users, use the bpm_install_location\BPM\Lombardi\tools\security\groupMembershipUpdate.bat or bpm_install_location/BPM/Lombardi/tools/security/groupMembershipUpdate.sh command.

    • For all users that are known to IBM Business Process Manager, use the bpm_install_location\BPM\Lombardi\tools\security\groupMembershipFullUpdate.bat or bpm_install_location/BPM/Lombardi/tools/security/groupMembershipFullUpdate.sh command


After one of the previous steps is completed, the group manager can assign or reassign tasks to a user from the external security provider.

Related Information

[{"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5;8.0.1;8.0;7.5.1;7.5","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSFTBX","label":"IBM Business Process Manager Express"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF016","label":"Linux"},{"code":"","label":"Linux zSeries"},{"code":"PF033","label":"Windows"}],"Version":"8.5;8.0.1;8.0;7.5.1;7.5","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"","label":"Linux zSeries"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5;8.0.1;8.0;7.5.1;7.5","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Product Synonym

BPM

Document Information

Modified date:
15 June 2018

UID

swg21647104