0 votes

I have an issue we don't fully understand.

We are running Adaxes v2018.2. Last night I logged in to unlock a user account. Under the "User Management" section I clicked "Unlock account", selected the name, clicked "OK", and received an "Access denied" message on my screen. One of my co-workers tried to unlock the same account this morning and was successful.

I have checked the Web Configuration tool and both of our accounts are present in "Access Control". I have checked both accounts on one of our AD controllers and both accounts are members of the same groups. My account, however, is unable to perform a basic activity like unlocking an account. I've tried this on two different computers running different browsers (Chrome and Firefox). This was working for me last week and to my knowledge no changes have been made to any of our accounts.

Any suggestions as to where to look next? Thanks.

by (50 points)
0

I have checked the Web Configuration tool and both of our accounts are present in "Access Control".

The Access Control section in Adaxes Web Interface Configurator is used to control user access to the Web Interface and is not related to the operations users can perform.

I have checked both accounts on one of our AD controllers and both accounts are members of the same groups.

The operations users can perform are determined by Security Roles. For troubleshooting purposes, please, check if the Security Roles assigned to your user account include the permissions described in the Grant Rights to Reset Passwords and Unlock Accounts tutorial and do not contain corresponding Deny permissions. For your information, the Deny permissions always override the Allow ones. For information on how to view Security Roles assigned to a user, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... forms.html.

This was working for me last week and to my knowledge no changes have been made to any of our accounts.

Most probably, the permissions granted by Security Roles assigned to your account or the roles assignments were changed.

0

Many thanks for the reply.

So I logged into the Administration Console and opened up <domain> -> Configuration -> Security Roles -> Builtin -> Account Manager. For some reason, my account is no longer assigned to the Account Manager security role. Not sure why, but it's not there.

Next steps - I click on the Add... button, select my name, click on All Objects on the Select Assignment Scope popup (matching the assignment for all other users in that role), and click Finish. When I try to "Save Changes" I get a popup "An error occurred while saving the Security Role. Access is denied."

I had one of the colleagues try making the change as well and he gets the same error.

One interesting thing we've noticed, under the Assignments for this role is a trustee which has no corresponding entry in the tree:

We are unable to delete this entry. Is it possible that something has been corrupted?

TIA.

1 Answer

0 votes
by (233k points)
selected by
Best answer

Hello,

Most probably, the group that was used as a trustee for the assignment was removed and your account was a member of the group. As a result the group SID is displayed in the Security Role assignments and you are no longer granted the permissions. You need to log on to Adaxes service with the credentials of an account that has required permissions (e.g. Adaxes service account specified during the product installation) and update the Security Role assignments. To check who deleted the group you can view Adaxes general log.

Also, you can try restoring the group. For details, see https://www.adaxes.com/tutorials_Active ... bjects.htm.

Related questions

0 votes
1 answer

Hi, I've setup a security role with permissions to reset password and Write Account Properties and per the advise from http://adaxes.com/tutorials_DelegatingP ... swords.htm. ... search for all users normally. Is there something I'm missing out? Regards, Colin

asked Feb 4, 2013 by Swire (40 points)
0 votes
1 answer

Getting "object reference not set to an instance" when trying to sign into Office 365 Tenant Was working fine before

asked Sep 1, 2021 by davm79 (40 points)
0 votes
1 answer

Hi, we're receiving the below error when trying to add SMTP addresses to Office365 mailboxes from Adaxes. I've raised a ticket with support, but thought I'd ask ... , please see exception members for more information. Any help would be great. Thanks Gary

asked May 29, 2020 by gazoco (430 points)
0 votes
1 answer

Since upgrading to 2019.2 I am no longer able to run scheduled reports, either automatically or manually. When looking at the log I see it fails at the "generate report ... is attempting. I can run the report directly with no problem. Can anyone help? Thanks,

asked Nov 21, 2019 by rossb (20 points)
0 votes
1 answer

Hello, We have a script that checks for expiring accounts (temp/contractor) and emails the users manager requesting that they respond to the email either approving an extension of the ... has expired, or at least send an email to the security group to do so.

asked Mar 11, 2013 by DFassett (710 points)
2,883 questions
2,602 answers
6,755 comments
118,211 users