Usage Note 20381: The login might fail with a permission error
 |  |  |  |
When you attempt to log into the SAS® Information Delivery Portal, the login might fail with the following error in the portal.log file:
l.delegates.authentication.LogonDelegate - Access denied. .metadataOperations.SearchMetadataFacade - getObjectFromId: An error occurred while retrieving metadata. com.sas.services.ServiceException: An error occurred while retrieving metadata. [ com.sas.metadata.remote.MdException: The user does not have permission to perform this action. [ com.sas.iom.SASIOMDefs.GenericError: The user does not have permission to perform this action. ] ]
The metadata server log might contain the following error:
UpdateMetadata return code=807fe8f4.... DoRequest return code=807fe8f4.... The user does not have permission to perform this action.
These errors indicate that the user has been authenticated, but does not have permission to perform an action in the metadata.
To correct the problem, verify that the user has ReadMetadata and WriteMetadata permissions in the Default ACT.
In the SAS® Management Console:
- Expand Authorization Manager
- Expand Access Control Template
- Right-click and select Properties for the active ACT (such as Default ACT)
- Select the Users and Permissions tab and verify that the user or group in which the user is a member has been granted ReadMetadata and WriteMetadata permissions. Note that if the PUBLIC group has these permissions and the user has not been denied these permissions, the permissions are set correctly.
If the process described above does not solve the problem, verify that the user's portal permission tree has the appropriate permissions.
To do this, look in the permissions that are set for the portal permission tree for that specific user.
In the SAS Management Console:
- Expand the following tree views:
- Authorization Manager
- Resource Management
- By Application
- BIP Service
- Portal Application Tree
- Find the portal permission tree for the user's name associated with the specific user.
- Right-click on that permission tree and select Properties.
- Select the Authorization tab.
Do you see an entry for this same user's name on the Authorization tab? If so, highlight the name and review the permissions granted and denied for that user. Note that this user should be listed for its own permission tree and should be explicitly granted ReadMetadata and WriteMetadata permissions, which means there is a check mark under GRANT for these two permissions and the check box does not have a colored box (grey or green) around it.
Select the PUBLIC group from the same authorization tab. What permissions are granted and denied? PUBLIC should have an explicit deny for ReadMetadata and WriteMetadata.
Now select the Portal Admins group from the same authorization tab. What permissions are granted and denied? The portal admins group should have an explicit grant for ReadMetadata and WriteMetadata.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed | |||
| SAS System | SAS Information Delivery Portal | Microsoft Windows XP Professional | 2.0 | 9.1 TS1M3 SP4 | ||
| Microsoft Windows 2000 Datacenter Server | 2.0 | 9.1 TS1M3 SP4 | ||||
| Microsoft Windows 2000 Professional | 2.0 | 9.1 TS1M3 SP4 | ||||
| Microsoft Windows 2000 Server | 2.0 | 9.1 TS1M3 SP4 | ||||
| Microsoft Windows NT Workstation | 2.0 | 9.1 TS1M3 SP4 | ||||
| 64-bit Enabled Solaris | 2.0 | 9.1 TS1M3 SP4 | ||||
| Microsoft Windows 2000 Advanced Server | 2.0 | 9.1 TS1M3 SP4 | ||||
| Solaris for x64 | 2.0 | 9.1 TS1M3 SP4 | ||||
| 64-bit Enabled HP-UX | 2.0 | 9.1 TS1M3 SP4 | ||||
| 64-bit Enabled AIX | 2.0 | 9.1 TS1M3 SP4 | ||||
| Type: | Usage Note |
| Priority: | |
| Topic: | System Administration ==> Security |
| Date Modified: | 2007-12-05 09:36:57 |
| Date Created: | 2007-06-13 10:24:45 |