Skip to main content

I have noticed that the filter in the IAM task ‘Apply user rights to the database’ works different from the filter in the IAM task ‘Apply user rights to IAM’.

Starting with the latter: when I apply rights to IAM with the filter cleared like this

the users will receive the following error:

 

When I select all rows in the user tabel, and apply the rights like this:

 

the users are able to log in.

When applying user rights tot he database it seems to be the other way around: if I select all rows and then apply it only applies the rights to one user; if I clear the filter it applies rights to all users.

Is this the intended behaviour? Windows gui 2021.3.18; platform 2021.3 -  Indicium universal 2021.3.18.

edit:  if I clear the filter it applies rights to all users. → it revokes all memberships to the roles.

No, this is not intended. Can you post this as a support ticket in TCP so we can investigate this issue? Also in the ticket please a screenshot from which screens you apply the rights, as there are several options there. 

Ok, this was production so I will reproduce this in our test environment and create a ticket.

While testing I found the reason for the problems:

The script fails to execute because of a principal that cannot be dropped. This principal is the former service-user that we do not longer need and is therefore obsolete. The reason the user can't be dropped is that the user is set to execute a certain procedure (using the 'with execute as' statement). We forgot to change this statement. After changing the procedure everything works fine again.

 

 

Thank you for your feedback and good to hear that you found the problem. 

Terms & ConditionsCookie settings