Problem:
Preview is working, but when edit documents such as ppt or xlsx, it failed to be opened in Docs with error "Conversion service is not available"
Environment:
Docs 2.0 CR3
Diagnostic:
Review logs of Docs server. It is found that:
[18-9-25 23:30:29:037 CST] 000000f2 DocEntitlemen W error when executing SQL: SELECT * FROM "CONCORDDB"."DOC_ENTITLEMENT "WHERE" LEVEL_NAME " =?
com.ibm.db2.jcc.am.SqlSyntaxErrorException: The statement failed because the authorization ID does not have the authorization or privilege required to perform the operation.Authorization ID: "LCUSER".Action: "SELECT".Object: "CONCORDDB.DOC_ENTITLEMENT"..SQLCODE=-551, SQLSTATE=42501, DRIVER=4.21.29
Check j2c alias in WAS Admin console. It is mapped to LCUSER.
Per Docs installation documentation, they need to use docsuser.
https://www.ibm.com/support/knowledgecenter/SSFHJY_2.0.0/deploy/creating_dedicated_db2user.html
It is confirmed that customer changed the related SQL to let LCUSER get granted instead of docsuser.
Review the appGrants.sql that used to grant access to LCUSER.
It is found that only half application db granted by LCUSER like below:
GRANT CONNECT ON DATABASE TO USER DOCSUSER@
GRANT INSERT,UPDATE,SELECT,DELETE ON "CONCORDDB"."USERPREFERENCE" TO USER LCUSER@
GRANT INSERT,UPDATE,SELECT,DELETE ON "CONCORDDB"."DOCEDITORS" TO USER LCUSER@
...
GRANT INSERT,UPDATE,SELECT,DELETE ON "CONCORDDB"."PRODUCT" TO USER LCUSER@
GRANT INSERT,UPDATE,SELECT,DELETE ON "CONCORDDB"."HKTASK" TO USER LCUSER@
GRANT INSERT,UPDATE,SELECT,DELETE ON "CONCORDDB"."PRODUCT" TO USER DOCSUSER@
GRANT INSERT,UPDATE,SELECT,DELETE ON "CONCORDDB"."HKTREG" TO USER DOCSUSER@
...
GRANT INSERT,UPDATE,SELECT,DELETE ON "CONCORDDB"."CUSTOMER_CREDENTIAL" TO USER DOCSUSER@
This is totally incorrect as there is only one user can be mapped to docsJAASAuth in J2C Authentication.
Solution:
Re-edit this appGrants.sql and re-set to docsuser. Then, follow below documentation to create a docsuser in Linux and add it to related db2admin group.
https://www.ibm.com/support/knowledgecenter/SSFHJY_2.0.0/deploy/creating_dedicated_db2user.html
After that, Run appGrants.sql.
Change docsJAASAuth in J2C Authentication of WAS Admin console.
Synchronize node and restart all Docs server.