IBM Support

PH19909: ADD OR MODIFY PLANS HELPER SHOWS OP-03003 EXCEPTION WHEN AUDIT OWNER DOESN'T HAVE PERMISSIONS TO SEE ALL THE AUDITORS

APAR status

  • Closed as program error.

Error description

  • Description:
    When the audit owner tries to find an auditor inside the Add or
    Modify Plans helper, and there are auditors outside of the
    owner's security domain (but only at the second level of
    business entities), the helper shows the following exception.
    
    Exception Occured: EXCEPTION :
    com.openpages.aurora.service.repository.security.AccessDeniedExc
    eption ERROR CODE : OP-03003 LEVEL : 2 ERROR # : UDS9MER24J5R
    TIMESTAMP : 2019-11-28 12:16:12 MESSAGE : You do not have
    permission to read file "7536".
    
    Workaround:
    Assign the user role to the first level of Business Entities.
    The issue happens when the role is applied to the second level
    of Business Entities.
    
    For example:
    SOXBusEntity - BE01
    ----- AuditableEntity - AE01
    -----|----- AuditProgram - Audit01
    SOXBusEntity - BE02
    ----- Auditor - Auditor01
    
    In this case, with the user01 role assigned in BE01, the helper
    doesn't raise the exception even though the Auditor is outside
    the user's security domain.
    
    Prerequisites:
    A)	OpenPages with solutions installed
    
    B)	OpenPagesAdministrator using OpenPages Modules 7.4.0 Master
    profile
    
    C)	Create the testing data:
    1.	Log in to OpenPages as OpenPagesAdministrator.
    2.	Create the following object records filling in all the
    required fields:
    	SOXBusEntity BE01
    	----- SOXBusEntity BE01-A
    	-----|----- AuditableEntity AE01
    	-----|-----|----- AuditProgram Audit01
    	----- SOXBusEntity BE01-B
    	-----|----- Auditor Auditor01
    
    D)	Create and configure testing user (user01)
    1.	Log in to OpenPages as OpenPagesAdministrator
    2.	Switch to Standard UI
    3.	Navigate to Administration > Users and click on Create User
    4.	Fill in all the required fields, assign OpenPages IAM Master
    profile and click Next until you see Finish and then click
    Finish
    5.	Under Role Assignments section, click on Assign Roles
    6.	Tick IAM - All Permissions role and click on Next
    7.	Expand "/" and BE01, tick on BE01-A and click on Finish
    
    
    Steps to Reproduce:
    1.	Log in to OpenPages as OpenPagesAdministrator
    2.	Switch to Standard UI
    3.	Navigate to the audit Audit01 created in the prerequisites
    4.	Edit the audit selecting user01 in Owner field and click on
    Save
    5.	Log out and log in to OpenPages as user01
    6.	Navigate to Audit Management > Audits
    7.	Filter by % and click on Audit01
    8.	Under Plans field, click on Add or Modify Plans link
    9.	Once the helper opens, click on Add New link
    10.	Select some dates for Start Date and End Date in Scheduled
    field and then click on Find Auditor
    11.	The following error message will appear even though
    Auditor01 should be returned
    Exception Occured: EXCEPTION :
    com.openpages.aurora.service.repository.security.AccessDeniedExc
    eption ERROR CODE : OP-03003 LEVEL : 2 ERROR # : UDS9MER24J5R
    TIMESTAMP : 2019-11-28 12:16:12 MESSAGE : You do not have
    permission to read file "7536". TOKEN :
    2621;2009;user01;9.85.202.192 PARAMS : [7536, 1, Auditor01.txt,
    /_op_sox/Project/Default/ICDocumentation/Auditors/BE01/BE01-B/Au
    ditor01.txt, 49, 7535, 2, BE01-B,
    /_op_sox/Project/Default/ICDocumentation/Auditors/BE01/BE01-B]
    at ...
    
    12.	Close the helper, log out and log in to OpenPages as
    OpenPagesAdministrator
    13.	Navigate to Audit Management > Auditors, filter by Auditor01
    and delete it
    14.	Repeat steps 5 - 10 and notice the helper doesn't fail but
    just shows the message No Auditors found
    
    
    Expected Results:
    The helper should just show that there is no auditor that meets
    the selected conditions rather than failing with an exception
    
    Actual Results:
    The helper shows an exception when there is an auditor out of
    the user's security point
    
    Error Message:
    Exception Occured: EXCEPTION :
    com.openpages.aurora.service.repository.security.AccessDeniedExc
    eption ERROR CODE : OP-03003 LEVEL : 2 ERROR # : UDS9MER24J5R
    TIMESTAMP : 2019-11-28 12:16:12 MESSAGE : You do not have
    permission to read file "7536". TOKEN :
    2621;2009;user01;9.85.202.192 PARAMS : [7536, 1, Auditor01.txt,
    /_op_sox/Project/Default/ICDocumentation/Auditors/BE01/BE01-B/Au
    ditor01.txt, 49, 7535, 2, BE01-B,
    /_op_sox/Project/Default/ICDocumentation/Auditors/BE01/BE01-B]
    at
    com.openpages.aurora.service.repository.RSUtil.throwAccessDenied
    (RSUtil.java:735) at
    com.openpages.aurora.service.repository.security.AclManager.thro
    wAccessDeniedException(AclManager.java:806) at
    com.openpages.aurora.service.repository.security.AclManager.asse
    rtAccess(AclManager.java:686)
    ...
    com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at
    com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHand
    ler.java:775) at
    com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) at
    com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909) --
    nested by -- 2019-11-28 12:16:12 CODE : OP-03003 LEVEL : 2 NAME
    : com.openpages.sdk.repository.AccessDeniedException ERROR # :
    UDS9MER24J5R TOKEN ID : 2621 USER : user01 IP : 9.85.202.192
    HOST : 9.85.202.192 PARAMETERS : [7536, 1, Auditor01.txt,
    /_op_sox/Project/Default/ICDocumentation/Auditors/BE01/BE01-B/Au
    ditor01.txt, 49, 7535, 2, BE01-B,
    /_op_sox/Project/Default/ICDocumentation/Auditors/BE01/BE01-B]
    MESSAGE : You do not have permission to read file "7536".
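
Added example (not IBM's code): a Python triage helper that rejoins the 64-column wrapping used in the message above, extracts the user, client IP and denied repository paths from an OP-03003 record, and lists the denied paths that lie outside the business entity where the user's role is assigned. The field layout is inferred from the message on this page; the function names, the wrap heuristic and the assumption that the entity hierarchy appears as folder segments in the path are this example's own.

```python
import re

WRAP = 64  # column at which the message text on this page is hard-wrapped

# Sample input: the step 11 message from this page, with its original wrapping.
SAMPLE = """\
Exception Occured: EXCEPTION :
com.openpages.aurora.service.repository.security.AccessDeniedExc
eption ERROR CODE : OP-03003 LEVEL : 2 ERROR # : UDS9MER24J5R
TIMESTAMP : 2019-11-28 12:16:12 MESSAGE : You do not have
permission to read file "7536". TOKEN :
2621;2009;user01;9.85.202.192 PARAMS : [7536, 1, Auditor01.txt,
/_op_sox/Project/Default/ICDocumentation/Auditors/BE01/BE01-B/Au
ditor01.txt, 49, 7535, 2, BE01-B,
/_op_sox/Project/Default/ICDocumentation/Auditors/BE01/BE01-B]
"""

FIELD_RE = re.compile(
    r"(EXCEPTION|ERROR CODE|LEVEL|ERROR #|TIMESTAMP|MESSAGE|TOKEN|PARAMS) : ")

def unwrap(text, width=WRAP):
    """Rejoin wrapped lines; a full-width line is treated as cut mid-token (heuristic)."""
    out = ""
    for line in text.splitlines():
        line = line.strip()
        if line:
            out += line if len(line) >= width else line + " "
    return out.strip()

def parse_record(text):
    """Split an OP-03003 message into labelled fields (labels as printed on this page)."""
    parts = FIELD_RE.split(unwrap(text))
    fields = {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}
    token = fields["TOKEN"].split(";")  # page shows token id first, then user and IP last
    # Keep only the bracketed list so a trailing stack trace is ignored.
    params = [p.strip() for p in fields["PARAMS"].partition("]")[0].lstrip("[").split(",")]
    return {
        "code": fields["ERROR CODE"], "exception": fields["EXCEPTION"],
        "error_id": fields["ERROR #"], "timestamp": fields["TIMESTAMP"],
        "user": token[2], "ip": token[3],
        "paths": [p for p in params if p.startswith("/")],
    }

def outside_assignment(record, assigned_entity):
    """Denied paths not under the entity where the role is assigned (assumed path layout)."""
    needle = "/" + assigned_entity.strip("/") + "/"
    return [p for p in record["paths"] if needle not in p + "/"]
```

With the role assigned at `BE01/BE01-A` as in prerequisite D, both denied paths are reported as outside the assignment; with the workaround's first-level assignment at `BE01`, none are.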
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * OpenPages Users                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * ADD OR MODIFY PLANS HELPER SHOWS OP-03003 EXCEPTION WHEN     *
    * AUDIT OWNER DOESN'T HAVE PERMISSIONS TO SEE ALL THE AUDITORS *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Customers should download OpenPages 8.2 from Passport        *
    * Advantage. See the following document for details on         *
    * obtaining OpenPages 8.2:                                     *
    * https://www.ibm.com/support/pages/downloading-ibm-openpages- *
    * watson-version-82-passport-advantage                         *
    ****************************************************************
    

Problem conclusion

  • We made a change to catch the exception when the user doesn't
    have access to one of the available auditors
    
    Customers should download OpenPages 8.2 from Passport Advantage.
    See the following document for details on obtaining OpenPages
    8.2:
    https://www.ibm.com/support/pages/downloading-ibm-openpages-watson-version-82-passport-advantage
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH19909

  • Reported component name

    OPENPAGES GRC

  • Reported component ID

    5725D5100

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-12-04

  • Closed date

    2020-06-18

  • Last modified date

    2020-06-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    OPENPAGES GRC

  • Fixed component ID

    5725D5100

Applicable component levels

Document Information

Modified date:
19 June 2020