Hello all,
I installed 3 weeks ago One Identity Manager, then a week ago I installed the DGE.
I noticed that no permissions are set for all QAM tables in the oimDB: any select on any QAM.. table raises an error.
Thanks
Giuseppe
Hi,
Where are you confirming this?
By "select" do you mean a SELECT statement, or selecting (clicking) a table in one of the front end tools?
What is the error?
Trevor
In It Shop, errors happen when an active group owner tries to say ok to add a user to the group, here some logs:
2020-05-08 16:28:59.8855 INFO ( WebLog f0vnyysoauqb2ivxrvdzlsex) : Creating form VI_Start Form
2020-05-08 16:29:00.0428 ERROR ( WebLog f0vnyysoauqb2ivxrvdzlsex) : System.AggregateException: One or more errors occurred. ---> System.AggregateException: One or more errors occurred. ---> VI.Base.ViException: Error during execution of statement: select count(*) from QAMDuG join
(
select sum(distinct(x.XGroupBitPattern)) as XGroupBitPattern, 0x100000 as XGroupMask, XXPrimaryKey1
from(
select 1 as XGroupBitPattern, UID_QAMDuG as XXPrimaryKey1 from QAMDuG where (UID_QAMDuG in (select c.UID_QAMPoIParent from QAMPoICollection c join QAMDuG d on d.UID_QAMDuG = c.UID_QAMPoIChild where d.IsForITShop = 1))
) x
group by XXPrimaryKey1
) xxxSelect on xxxSelect.XXPrimaryKey1 = QAMDuG.UID_QAMDuG where (uid_qamdug in ( select uid_qamdug from QAMDuG where UID_PersonResponsible = '4c7bb96b-9310-4166-b1c3-c70f121b4278')) ---> VI.DB.DatabaseException:
Database error 229: The SELECT permission was denied on the object 'QAMPoICollection', database 'OneIM', schema 'dbo'. ---> System.Data.SqlClient.SqlException: The SELECT permission was denied on the object 'QAMPoICollection', database 'OneIM', schema 'dbo'.
2020-05-08 16:33:24.9497 INFO ( WebLog f0vnyysoauqb2ivxrvdzlsex) : Loading assembly: JobGen_PersonWantsOrg_EakshvlS9sFmZlwapQKDH3cmWOA, Version=1.0.7422.27662, Culture=neutral, PublicKeyToken=null
2020-05-08 16:33:25.3543 ERROR ( WebLog f0vnyysoauqb2ivxrvdzlsex) : VI.Base.ViException: An exception has occurred while executing the form method F1_ctl00_ControlRef8_ControlRef15_ControlRef15_ControlRef8b_Main_Main_Container43_Button3_Method. ---> System.AggregateException: One or more errors occurred. ---> System.AggregateException: One or more errors occurred. ---> VI.Base.ViException: Error during execution of 'OnSaving' in logic module 'QER.Customizer.PersonWantsOrg'. ---> VI.Base.ViException: Error generating processes for event OrderGranted. ---> VI.Base.ViException: Error executing script 'Event_OrderGranted'. ---> VI.Base.ViException: Error generation process step event ORDERGRANTED. ---> VI.Base.ViException: Error generating process QAM Create DGE Managed Resource. ---> VI.Base.ViException: Error evaluating generation condition. ---> System.AggregateException: One or more errors occurred. ---> VI.Base.ViException: Error during execution of statement: select 1 where exists (select 1 from QAMManagedResourceType where ((Name = N'Simple Share') and (UID_QAMManagedResourceType is null))) ---> VI.DB.DatabaseException:
Database error 229: The SELECT permission was denied on the object 'QAMManagedResourceType', database 'OneIM', schema 'dbo'. ---> System.Data.SqlClient.SqlException: The SELECT permission was denied on the object 'QAMManagedResourceType', database 'OneIM', schema 'dbo'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
2020-05-08 17:11:10.2644 INFO ( WebLog 0drk4nzrhjm0tb3uibvt1nlv) : Creating form QER_Responsibilities_MyResponsibilities QER_Responsibilities_MyResponsibilities
2020-05-08 17:11:10.4048 ERROR ( WebLog 0drk4nzrhjm0tb3uibvt1nlv) : System.AggregateException: One or more errors occurred. ---> VI.Base.ViException: Error during execution of statement: select 1 where exists (select 1 from person where (uid_person in ( select v.uid_personhead from QAM_VPoIOwner v join qamdug d on d.UID_QAMDuG = v.uid_QAMDuG and uid_personhead = 'c380ea57-9a5d-4a54-aa75-01d27f56d864'))) ---> VI.DB.DatabaseException:
Database error 229: The SELECT permission was denied on the object 'QAM_VPoIOwner', database 'OneIM', schema 'dbo'. ---> System.Data.SqlClient.SqlException: The SELECT permission was denied on the object 'QAM_VPoIOwner', database 'OneIM', schema 'dbo'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
Please note the rows with Database error 229.
Using Sql server management studio and adding the select permission for OneIMUserRoleDB on tables QAM_VPoIOwner, QAMManagedResourceType,QAMPoICollection, the user is added to the group.
This might be better suited to a service request. Assuming the same database user is accessing the main 1IM tables, we would expect this to work. Did you use a different account to install the DGE module?
Trevor
Hello Trevor,
No, I used the same (my) account to install DGE.
Giuseppe
What version did you install?
Thanks
8.1.2
