IBM Support

IJ29050: QRADAR NON-ADMIN USER CANNOT VIEW SOME LOG SOURCE GROUPS USING THE LOG SOURCE MANAGEMENT APP

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • A QRadar non-admin user cannot view Log Source groups when the
    Security Profile is set to a nested Log Source group using the
    Log Source Mangement App.
    For Example:
    1) Have some Log Source Groups with Log Sources as the
    following:
        Group A  --> top level
            Group AB
                Group ABC
    2) Have Security Profiles and users who has permission to see
    one of those log source groups.
        userALL with a Security Profile set to all log source group.
        userA with a Security Profile assigned to group "A"
        userAB with a Security Profile assigned to group "A.AB"
        userABC with a Security Profile assigned to group "A.AB.ABC"
    3) Deploy, log in as new users, navigate to Log Source
    Management App.
        userA and userALL can view groups correctly.
        userAB and userABC cannot see any groups when clicking "+
    Add Group".
    

Local fix

  • Create a top level Log Source group for use with Security
    Profile assignment.
    

Problem summary

  • This issue was fixed in QRadar Log Source Management app v7.0.2
    along with QRadar 7.3.3 FixPack 9, 7.4.2 FixPack 3 and 7.4.3
    FixPack 1.
    

Problem conclusion

  • This issue was fixed in QRadar Log Source Management app v7.0.2
    along with QRadar 7.3.3 FixPack 9, 7.4.2 FixPack 3 and 7.4.3
    FixPack 1.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ29050

  • Reported component name

    QRADAR APPLICAT

  • Reported component ID

    5737QRAPP

  • Reported release

    741

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-10-30

  • Closed date

    2021-08-11

  • Last modified date

    2021-08-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR APPLICAT

  • Fixed component ID

    5737QRAPP

Applicable component levels

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"741"}]

Document Information

Modified date:
12 August 2021