000016604 - AM 7.1sp4/APP 3.0: After applying either sp4 patch 25 or patch 26  delegated administration account with 'Auth Mgr Token Administrator' role will throw 'insufficient privileges' when trying to assign a token

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016604
Applies ToThis issue was introduced in patch 25 and exists in patch 26.  At the time of this writing, patch 27 is not yet out, but the same issue will exist in patch 27
IssueAM 7.1sp4/APP 3.0: After applying either sp4 patch 25 or patch 26, delegated administration account with "Auth Mgr Token Administrator" role will throw "insufficient privileges" when trying to assign a token

On either 3.0.4 patch 25 or 26, or AM 7.1sp4 p25 or 26


1) Create a test user
2) Assign the user one role of 'Auth Mgr Token Administrator'.
3) login using test user account with the delegated administration role, and assign a token to another user, this works as expected.

With either patch 25 or patch 26, when you login using the same test user with the administrative role assigned to it that worked pre-patch 25 or 26 and attempt the same action of assigning a token to a user, an error "insufficient privileges" is thrown.

Resolution

This issue is slated to be corrected in patch 28.  The following workaround may be used in the interim if patching cannot be done immediately, or until patch 28 is released

 Log into Security Console as a superadmin, go to Administration -> Administrative Roles.
? Edit 'Auth Mgr Token Administrator' Role.
? Go to 'General Permissions' Tab.
? In 'Manage Users' section check the 'Edit' check box corresponding to 'Users' label and save it.

This will give the token administrators the user update privilege.  The change can be reverted after applying patch 28 once it is released

Legacy Article IDa61980

Attachments

    Outcomes