Troubleshooting
Problem
Event project fails to deploy with "The role-based authorization check failed for admin-authz operation Server:getName. The user ... was not granted any of the following required roles" error in the server logs.
Symptom
When deploying an event project from Decision Center enterprise console from the Project tab and Deployment / deploy Project the below error message is returned:
Message Cannot Deploy
ilog.rules.teamserver.model.IlrDeployEventsException: Internal Server Error
The following message error message is found in the WAS_HOME/profiles/PROFILE_NAME/logs/SERVER_NAME/SystemOut.log of the server:
RoleBasedAuth A SECJ0305I: The role-based authorization check failed for admin-authz operation Server:getName. The user _USERID_ (unique ID: user:defaultwimfilebasedrealm/uid=_USERID_,o=defaultwimfilebasedrealm) was not granted any of the following required roles: deployer, operator, configurator, monitor, administrator, adminsecuritymanager, auditor.
Cause
The user used to connect from Decision Center to the Decision Server Event server, defined in tab Configure link Deployment / Manage Servers must have either WebSphere Application Server administrative role Operator or Administrator.
This is a requirement of the Decision Server Event security configuration described in the documentation since version 8.5 of WebSphere Operational Decision Manager: "Operational Decision Manager V8.5 > Decision Server Events > Reference for Decision Server Events > Configuration settings, properties and parameters > User roles and administrative user roles".
Environment
It does apply to every WebSphere Application Server version supported by Decision Server Event server.
Diagnosing The Problem
Review server logs and mapping of user deploying the event project.
Resolving The Problem
The problem can be solved granting Administrator or Monitor role to the authenticated user deploying the project to the event runtime (_USERID_ in error message above), or to any group to which it belongs.
This procedure is documented in WebSphere Application Server documentation chapter "Network Deployment (All operating systems), Version 8.5 > Securing applications and their environment > Securing the full profile > Authorizing access to resources > Authorizing access to administrative roles".
Related Information
Was this topic helpful?
Document Information
Modified date:
23 July 2021
UID
swg21661192