APAR status
Closed as program error.
Error description
When a physical vSnap is added to IBM Spectrum Protect Plus, the GUI shows error 'Forbidden access or Invalid Password' when the vSnap configuration is refreshed. The vsnap.log shows the following errors: vsnap.api API request started: GET /system? | Body: None vsnap.api Traceback (most recent call last): File "/src/workspace/vsnap/api/core/common.py", line 51, in decorated File "/src/workspace/vsnap/common/util.py", line 233, in check_api_priv vsnap.common.errors.AuthorizationError: Permission denied vsnap.api API requested failed with authorization error This issue happens only when: - The vSnap is deployed on a host with a supported Linux distribution to install a vSnap. Usually, this is a physical vSnap. Virtual vSnaps are mostly installed using the IBM provisioned VMware or Hyper-V image. - The 'serveradmin' user has been created before the installation of the vSnap package. - The 'serveradmin' user was not added to the 'vsnap' group. IBM Spectrum Protect Plus Versions Affected: IBM Spectrum Protect Plus 10.1.x Additional Keywords: SPP, SPPlus, TS009938484
Local fix
1. Connect to the host where the vSnap software package is installed 2. Run 'groups serveradmin' and verify the 'vsnap' group is missing [root@vsnap ~]# groups serveradmin serveradmin : serveradmin Note the missing 'vsnap' group in the result of previous command 3. Add 'serveradmin' to the 'vsnap' group [root@vsnap ~]# usermod -a -G vsnap serveradmin 4. Refresh the IBM Spectrum Protect Plus GUI and see if the vSnap configuration is correctly displayed
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Protect Plus levels 10.1.2 to 10.1.12 * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is currently * * projected to be fixed in IBM Spectrum Protect Plus level * * 10.1.13. Note that this is subject to change at the * * discretion of IBM. * ****************************************************************
Problem conclusion
Implemented code check to ensure that the serveradmin user is part of the vsnap group. The check is performed every time the vSnap services are restarted, and the serveradmin account is automatically added to the necessary group if it is not already part of the group.
Temporary fix
Comments
APAR Information
APAR number
IT41874
Reported component name
SP PLUS
Reported component ID
5737SPLUS
Reported release
A19
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-08-26
Closed date
2022-10-26
Last modified date
2022-10-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SP PLUS
Fixed component ID
5737SPLUS
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A19","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
01 February 2024