|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
|Issue||An Operations Console administrator is a user with permissions to perform administrative tasks in the Operations Console and to run some command line utilities. An attempt to create a new Operations Console administrator in the Security Console throws the following error:|
Encrypted data could not be updated
|Cause||Creating an Operations Console administrator fails because the limit for the maximum number of Operations Console administrator accounts has been reached. The /opt/rsa/am/server/logs/imsTrace.log with trace log level set to Verbose captures the underlying error.|
2019-01-10 02:33:23,209, [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'], (SystemfieldsUserAdministrationImpl.java:80), trace.com.rsa.ims.ocadmin.management.impl.SystemfieldsUserAdministrationImpl, ERROR, am82p.vcloud.local,,,,Failed to create systemfields user com.rsa.common.InvalidArgumentException: Failed to encrypt field com.rsa.pwd.auth.users
|Resolution||A maximum of 42 Operations Console administrators can be created in the Security Console.|
|Workaround||Like the super admin role, an Operations Console administrator account should only be granted to the most trusted administrators.|
Operations Console administrators provide predefined roles and have the permissions required to perform most of the tasks offered by the Operations Console.
As a workaround,
|Notes||Refer to documentation on how to Add an Operations Console Administrator.|
To set logging to Verbose,
Important: Do not set the trace logging level to verbose for extended periods of time unless instructed to do so by RSA Customer Support. Trace logs may occupy large amounts of disk space and this can impact system performance.