Console loads blank and reports: "You are not authorized to perform this operation"

  • 7023100
  • 15-Jun-2018
  • 15-Jun-2018

Environment

Privileged Account Manager 3.2

Situation

When configuring group access roles within PAM, the user receives the following browser dialog error when trying to access a dashboard:

You are not authorized to perform this operation.

Resolution

This error reports that the logged-in user is unauthorized to perform the requested operation. If this error is received when trying to access a UI Console from the Administration Console, then it is likely the 'read' role is missing from the group role configuration. Adding the additional '<module>:read' role should permit this operation.

For example, when configuring a Command Control Role to "View the Command Control console," the 'cmdctrl:console' role is added to the group, but the Console loads blank or the error above is received in the browser.

If an additional Role is added to the group as 'cmdctrl:read' then the Console's request for the cmdctrl rules will be authorized and the Console will display the rules & policies.

To access the Command Control Console and view the rules, the following Roles would need to be configured on the group:
cmdctrl:console
cmdctrl:read

Cause

Insufficient 'read' privileges to retrieve the records needed to be displayed by the Console.

Additional Information

For more details regarding configuration of these roles, please refer to documentation:

For an example found in the forums with this issue, please refer to: