IBM Support

Deployment of event project from Decision Center fails with IlrDeployEventsException

Troubleshooting


Problem

Event project fails to deploy with "The role-based authorization check failed for admin-authz operation Server:getName. The user ... was not granted any of the following required roles" error in the server logs.

Symptom

When deploying an event project from Decision Center enterprise console from the Project tab and Deployment / deploy Project the below error message is returned:

Message Cannot Deploy

ilog.rules.teamserver.model.IlrDeployEventsException: Internal Server Error

The following message error message is found in the WAS_HOME/profiles/PROFILE_NAME/logs/SERVER_NAME/SystemOut.log of the server:

RoleBasedAuth A   SECJ0305I: The role-based authorization check failed for admin-authz operation Server:getName.  The user _USERID_ (unique ID: user:defaultwimfilebasedrealm/uid=_USERID_,o=defaultwimfilebasedrealm) was not granted any of the following required roles: deployer, operator, configurator, monitor, administrator, adminsecuritymanager, auditor.

Cause

The user used to connect from Decision Center to the Decision Server Event server, defined in tab Configure link Deployment / Manage Servers must have either WebSphere Application Server administrative role Operator or Administrator.

This is a requirement of the Decision Server Event security configuration described in the documentation since version 8.5 of WebSphere Operational Decision Manager: "Operational Decision Manager V8.5 > Decision Server Events > Reference for Decision Server Events > Configuration settings, properties and parameters > User roles and administrative user roles".

Environment

It does apply to every WebSphere Application Server version supported by Decision Server Event server.

Diagnosing The Problem

Review server logs and mapping of user deploying the event project.

Resolving The Problem

The problem can be solved granting Administrator or Monitor role to the authenticated user deploying the project to the event runtime (_USERID_ in error message above), or to any group to which it belongs.

This procedure is documented in WebSphere Application Server documentation chapter "Network Deployment (All operating systems), Version 8.5 > Securing applications and their environment > Securing the full profile > Authorizing access to resources > Authorizing access to administrative roles".

[{"Product":{"code":"SSQP76","label":"IBM Operational Decision Manager"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Modules:Execution Server","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.7;8.6;8.5;8.0;7.5","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
23 July 2021

UID

swg21661192

Page Feedback