|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0 SP1 Admin API SDK
O/S Version: SUSE Linux 11
Admin API (AMPrime or SDK) does a Get Server Contact List but all servers are returned showing isRunning="false" and isPrimary="false" even after auto-rebalance. Replica Status Good.
2015-12-01T16:06:17,792-0600,com.rsa.ucm.am8,22,DEBUG,ContactList = <?xml version="1.0" encoding="UTF-8" standalone="no"?>
|Resolution||The Admin API SDK to Authentication Manager 8.1, and all variations on it such as AM Prime requires an AM 8.1 local database account with Super Admin role to access the database. |
While you might see some information with a non-Super Admin Account, there is also data such as the Server contact list that is without a specific access attribute and which is therefore limited to the “super admin”.
Only a few data fields in AM have a specific access-control attribute (i.e., Token PIN, etc.).
Likely the interface has a “secure by default” policy for this data, because Deployment/topology data is generally only accessible to super admins. (i.e. a help-desk admin cannot add a new replica server)