Home Analyst Portal

Change Requests - New AD User Unable to Assign to self

Chris_KeanderChris_Keander Customer Advanced IT Monkey ✭✭✭
I've created a test user in AD and ran the AD connector.  The user is a member of the group that dictates who is an analyst in the system, as well as the group that gives access to Change Request features.

I'm able to create a test CR but when I choose the Assign to me task and hit Save I get an error that says "Request Failed"

The application log on the server indicates that this user doesn't have sufficient permissions to perform the task.

"Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user PPS\scsmtestcr does not have sufficient permission to perform the operation.
   at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)
   at Microsoft.EnterpriseManagement.Common.Internal.ConnectorFrameworkConfigurationServiceProxy.ProcessDiscoveryData(Guid discoverySourceId, IList`1 entityInstances, IDictionary`2 streams, ObjectChangelist`1 extensions)
   at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitInternal(EnterpriseManagementGroup managementGroup, Guid discoverySourceId, Boolean useOptimisticConcurrency)
   at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitForUserDiscoverySource(EnterpriseManagementGroup managementGroup, Boolean useOptimisticConcurrency)
   at Cireson.ServiceManager.ManagementService.ManagementService.<>c__DisplayClassc.<InvokeCommand>b__b(EnterpriseManagementGroup emg)
   at Cireson.ServiceManager.ManagementService.ManagementService.InvokeCommand[T](Func`2 func, Boolean invokeAsService)
   at Cireson.ServiceManager.ManagementService.ManagementService.InvokeCommand(Action`1 action, Boolean invokeAsService)
   at Cireson.ServiceManager.ManagementService.ManagementService.<>c__DisplayClass6.<InvokeCommandAsync>b__5()
   at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Cireson.ServiceManager.ManagementService.ManagementService.<InvokeCommandAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Cireson.ServiceManager.Services.Projection.<UpdateDirtyProjectionAsync>d__6c.MoveNext()
"

Also, another error that proceeds it says "UpdateDirtyProjectionAsync threw an exception"


Best Answer

Answers

  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    edited June 2016
    Hey Chris
    Looks like they are missing the underlining role permissions in service manager, check they are a member of either the advanced operator role or the change manager role.

    If they are remember changes to scoped access can require a cachbuilder and website restart to take effect.

    If still an issue after checking the above let me know and we can troubleshoot deeper in a support ticket.

    Cheers
    Joe
  • Chris_KeanderChris_Keander Customer Advanced IT Monkey ✭✭✭
    Hey Joe!

    Are you saying that Change Initiators can't assign / reassign change requests?  That's something that we need to frequently do here with CRs but don't want everyone that creates a change (or has one assigned to them) to have managerial priveleges.
  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    Hey Chris

    Best test is to confirm it works in the SCSM console, if it doesn't you can grant granular permissions to a custom scoped role to achieve what you need. 

    Once you have it working in the console its just a matter of letting the sync happen in the portal.

    Hope that helps! Let me know if you want some live help.
  • Chris_KeanderChris_Keander Customer Advanced IT Monkey ✭✭✭
    Joe,  I've confirmed that this is working the same in the console, indicating that Change Initiators cannot assign/reassign a CR.  I can create a new Change Manager group and put all change "initiators" in this group but could use a little help with the scoping so it behaves the same way as the out-of-box Change Initiators group with the addition of the Assign permissions.
This discussion has been closed.