VMware Cloud Community
FSvcoe
Enthusiast
Enthusiast
‎07-22-2013 11:13 AM

Error when running vco self provisioning portal

After importing and recreating the Self Service Portal from a 4.1 to 5.1 VCO server, a user can input a request, but when he clicks submit, the workflow fails, and records the following message in the server.log:

"2013-07-22 12:59:30.095-0400 INFO  [SCRIPTING_LOG] Cannot set attributeUser LDAP-USER- the user user@domain.com doesn't have required access rights ((Edit, false)) for calling updateConfigurationElementWithContent method"

I've edited the ldap user info in the error above, but hopefully you get the idea. I've confirmed the old access was set to View/Execute for the 4.1 server, but for 5.1 it doesn't appear there is an Execute equivalent. Is this by design or a bug? Is there a workaround for this difference? Thanks.

Reply
0 Kudos
6 Replies
Matt_B1
Enthusiast
Enthusiast
‎07-22-2013 11:54 AM

I am running the vCO v5.1.1 appliance and I can see all 5 permission types (View, Execute, Inspect, Admin, Edit).  I added View/Execute at the top of the workflow tree for a VCOUsers group that includes "AD\Domain Users".  I do not have any permissions issues for user using my self-service portal.

Reply
0 Kudos
FSvcoe
Enthusiast
Enthusiast
‎07-22-2013 12:14 PM

Hi Matt,

Yes, from the workflow tab all 5 are visible. It's a difference between the actual configurations in 4.1 and 5.1 that for some reason 5.1 doesn't list 'Execute' on the packages.

Preview file
12 KB
Reply
0 Kudos
igaydajiev
VMware Employee
VMware Employee
‎07-23-2013 01:02 AM

Can you try providing  Execute permissions on folder containing the workflows.

Preview file
308 KB
Reply
0 Kudos
FSvcoe
Enthusiast
Enthusiast
‎07-23-2013 11:45 AM

Doesn't work. I had to specifically add the Edit permission, but still no Execute permission showing. Keep in mind this is for the package only.

Reply
0 Kudos
igaydajiev
VMware Employee
VMware Employee
‎07-24-2013 12:15 AM

The Exceute permission  on Package level were removed and can not be edited.

The security model in 5.1 itself is stricter than the one in 4.1.

Could you describe with a bit more details what would you like to achieve.

Reply
0 Kudos
FSvcoe
Enthusiast
Enthusiast
‎07-24-2013 12:18 PM

Igor,

Attempting to run the self service portal for any user not assigned 'edit' permission on the workflow or underlying packages fails with the initial error I posted. I'm attaching a scnreeshot of the workflow failure point below. It appears under 4.1 we could assign execute and this would work, but the model has been changed as you mentioned.

Preview file
58 KB
Reply
0 Kudos