000030761 - Permissions for custom roles missing after upgrading to RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030761
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Security Analytics Server
RSA Version/Condition:
Platform: CentOS
O/S Version: EL6
IssueAfter upgrading from Security Analytics 10.4.x to 10.5, the permissions of roles created prior to the upgrade are missing.
User-added image
User-added image
CauseSecurity Analytics reads role permissions from the security-policy folder. This issue occurs because in version 10.5, the security-policy folder path is incorrectly set to /opt/rsa/jetty9/target/rsa/ when it should be /var/lib/netwintess/uax/. Due to this wrong path, the 10.4 custom permissions are not shown in the Security Analytics UI.
ResolutionThis issue is permanently resolved in Security Analytics
WorkaroundTo resolve the issue, we would need to copy the security-policy folder from /var/lib/netwintess/uax/ to /opt/rsa/jetty9/target/rsa/.
The steps are:
  1. Stop the puppet and jettysrv services.
    service puppet stop
    stop jettysrv

  2. Go to the /opt/rsa/jetty9/target/rsa/ directory.
    cd /opt/rsa/jetty9/target/rsa/

  3. Rename security-policy folder.
    mv security-policy security-policy.old

  4. Copy the security-policy folder from /var/lib/netwintess/uax/ to the /opt/rsa/jetty9/target/rsa/ directory.
    cp -pR /var/lib/netwitness/uax/security-policy/ security-policy/

  5. Start the puppet and jettysrv services.
    service puppet start
    start jettysrv

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.