IBM Support

JR31635: IA INHERITED LDAP GROUP ROLES ARE NOT SEEN BY IA UNTIL YOU GO INTO WEB CONSOLE AND CLICK SAVE FOR THAT USER.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • They are setting the roles up in web console by LDAP group so
    the user is
    never touched. If they go into IA, they do not see any IA
    projects at
    all.
    If they go back into web console and open the user's roles and
    save them
    (you can just add the first and last name and click save) and
    then go
    back into IA, all the IA projects appear.
    The whole point of creating group roles is so that the customer
    doesn't have to touch each individual users.
    This is on AIX and it's 8.1 of IS.
    

Local fix

  • open the user roles and click save
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    Users of Information Analyzer that authenticate to an
    Information Server, version 8.1, that is configured to use an
     external user registry and the user or group membership of the
    user accessing an Information Analyzer project does not have
    anyroles directly assigned.
    ****************************************************************
    PROBLEM DESCRIPTION:
    An EntityNotFoundException is thrown when a user is trying to
    access an Information Analyzer or DataStage project.  This
    happens when Information Server is configured to use an
    externalregistry and the user was not stored as a proxy user in
    the local registry.  When a user from the external registry
    is updated in the Information Server Administration Console
    a proxyof that user is stored in the Information Server local
    user  registry, which avoids getting the
    EntityNotFoundException.
    ****************************************************************
    RECOMMENDATION:
    This fix is included in IS 81 FP1 and patch JR31635_v2.  If not
       available yet, the users accessing the Information Analyzer
    or  DataStage projects can be updated using the Information
    Server Administration Console so that a proxy user will be
    stored in   the ISF local registry.
    ****************************************************************
    

Problem conclusion

  • Resolution was to stop throwing the EntityNotFoundException
    whengetting the roles for the user and the user is from an
    external user registry and does not exist as a proxy user in the
    ISF local registry.  Instead, an empty array of roles or an
    array of the roles inherited from the user's group memberships
    will bereturned, which is the correct action to be taken.
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR31635

  • Reported component name

    WIS INFORM ANAL

  • Reported component ID

    5724Q36IA

  • Reported release

    810

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-01-09

  • Closed date

    2010-01-13

  • Last modified date

    2010-01-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • SERVER
    

Fix information

  • Fixed component name

    WIS INFORM ANAL

  • Fixed component ID

    5724Q36IA

Applicable component levels

  • R810 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZJLG","label":"InfoSphere Information Analyzer"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.1","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
13 January 2010