Troubleshooting
Problem
The ${credential:get()} expression does not get evaluated and an error is thrown with the root cause that the user does not belong to a group and that it cannot access the credential.
Credential functions include a group argument that defines the user group that can access the secret. The group argument ensures that the user who attempts to preview, validate, or start a pipeline that includes a credential function belongs to the group specified in the function.
Symptom
There are two errors listed in this case, but CTRCMN_0100 is not the real error as it is caused by CREDENTIAL_STORE_001. The following error is seen when trying to use the credential:get() function:CTRCMN_0100 - Error evaluating expression ${credential:get("<cstore ID>", "<group ID>@<organization ID>", "<secret name>&<secret key name>")}: CREDENTIAL_STORE_001 - Store ID '<cstore ID>', user does not belong to group '<group ID>@<organization ID>', cannot access credential '<secret name>&<secret key name>'
Resolving The Problem
The CTRCMN_0100 error is for the failure of the expression evaluating. Solving the secondary error CREDENTIAL_STORE_001 will also solve CTRCMN_0100 in this case.
The user must have execute permissions on the pipeline.
If you do not want to restrict access to a secret, specify the default group using all or all@<organization ID>.
If Data Collector shuts down while running a pipeline that uses a credential function, Data Collector restarts the pipeline without checking the group access.
More information about Group Access to Secrets can be found in our documentation at this link:
Group Access to Secrets - Credential Stores
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
15 March 2025
UID
ibm17186167