Change Requests - New AD User Unable to Assign to self
Chris_Keander
Customer Advanced IT Monkey ✭✭✭
I've created a test user in AD and ran the AD connector. The user is a member of the group that dictates who is an analyst in the system, as well as the group that gives access to Change Request features.
I'm able to create a test CR but when I choose the Assign to me task and hit Save I get an error that says "Request Failed"
The application log on the server indicates that this user doesn't have sufficient permissions to perform the task.
"Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user PPS\scsmtestcr does not have sufficient permission to perform the operation.
at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)
at Microsoft.EnterpriseManagement.Common.Internal.ConnectorFrameworkConfigurationServiceProxy.ProcessDiscoveryData(Guid discoverySourceId, IList`1 entityInstances, IDictionary`2 streams, ObjectChangelist`1 extensions)
at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitInternal(EnterpriseManagementGroup managementGroup, Guid discoverySourceId, Boolean useOptimisticConcurrency)
at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitForUserDiscoverySource(EnterpriseManagementGroup managementGroup, Boolean useOptimisticConcurrency)
at Cireson.ServiceManager.ManagementService.ManagementService.<>c__DisplayClassc.<InvokeCommand>b__b(EnterpriseManagementGroup emg)
at Cireson.ServiceManager.ManagementService.ManagementService.InvokeCommand[T](Func`2 func, Boolean invokeAsService)
at Cireson.ServiceManager.ManagementService.ManagementService.InvokeCommand(Action`1 action, Boolean invokeAsService)
at Cireson.ServiceManager.ManagementService.ManagementService.<>c__DisplayClass6.<InvokeCommandAsync>b__5()
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Cireson.ServiceManager.ManagementService.ManagementService.<InvokeCommandAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Cireson.ServiceManager.Services.Projection.<UpdateDirtyProjectionAsync>d__6c.MoveNext()
"
Also, another error that proceeds it says "UpdateDirtyProjectionAsync threw an exception"
I'm able to create a test CR but when I choose the Assign to me task and hit Save I get an error that says "Request Failed"
The application log on the server indicates that this user doesn't have sufficient permissions to perform the task.
"Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user PPS\scsmtestcr does not have sufficient permission to perform the operation.
at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)
at Microsoft.EnterpriseManagement.Common.Internal.ConnectorFrameworkConfigurationServiceProxy.ProcessDiscoveryData(Guid discoverySourceId, IList`1 entityInstances, IDictionary`2 streams, ObjectChangelist`1 extensions)
at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitInternal(EnterpriseManagementGroup managementGroup, Guid discoverySourceId, Boolean useOptimisticConcurrency)
at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitForUserDiscoverySource(EnterpriseManagementGroup managementGroup, Boolean useOptimisticConcurrency)
at Cireson.ServiceManager.ManagementService.ManagementService.<>c__DisplayClassc.<InvokeCommand>b__b(EnterpriseManagementGroup emg)
at Cireson.ServiceManager.ManagementService.ManagementService.InvokeCommand[T](Func`2 func, Boolean invokeAsService)
at Cireson.ServiceManager.ManagementService.ManagementService.InvokeCommand(Action`1 action, Boolean invokeAsService)
at Cireson.ServiceManager.ManagementService.ManagementService.<>c__DisplayClass6.<InvokeCommandAsync>b__5()
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Cireson.ServiceManager.ManagementService.ManagementService.<InvokeCommandAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Cireson.ServiceManager.Services.Projection.<UpdateDirtyProjectionAsync>d__6c.MoveNext()
"
Also, another error that proceeds it says "UpdateDirtyProjectionAsync threw an exception"
0
Best Answer
-
Joe_Burrows
Cireson Devops Super IT Monkey ✭✭✭✭✭
K cool! Its possible it may just need to sync but have opened this on IR48515 so we can troubleshoot a bit deeper
5
This discussion has been closed.
Answers
Looks like they are missing the underlining role permissions in service manager, check they are a member of either the advanced operator role or the change manager role.
If they are remember changes to scoped access can require a cachbuilder and website restart to take effect.
If still an issue after checking the above let me know and we can troubleshoot deeper in a support ticket.
Cheers
Joe
Are you saying that Change Initiators can't assign / reassign change requests? That's something that we need to frequently do here with CRs but don't want everyone that creates a change (or has one assigned to them) to have managerial priveleges.
Best test is to confirm it works in the SCSM console, if it doesn't you can grant granular permissions to a custom scoped role to achieve what you need.
Once you have it working in the console its just a matter of letting the sync happen in the portal.
Hope that helps! Let me know if you want some live help.