Troubleshooting: Access control issues
Access control problems are often indicated by generic application errors with error message keys such as _ERR_USER_AUTHORITY. The first step in problem determination is to enable tracing for the access control component.
- Turn on the access control trace component, WC_ACCESSCONTROL, in the WebSphere Application Server.
- Open the trace.log file.
- Starting from the end of the file, perform a backward search for
=false
to find access control check that failed.For example:WC_ACCESSCONT ... PolicyManagerImpl.isAllowed PASSED? =false
- To determine what was being checked, perform another backward search for the string
isAllowed?
.For example:WC_ACCESSCONT ... PolicyManagerImpl.isAllowed isAllowed? User=100000000505; Action=Execute; Resource= com.ibm.commerce.usermanagement.commands.UserRegistrationAdminUpdateCmdImpl; Owner=7000000020002000000; Resource Ancestor Orgs=7000000020002000000,7000000020000000000,-2001; Resource Applicable Orgs=7000000020002000000