Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Multiple occurrences of AuthorizationException errors in logs

SA-94936

Summary

Multiple occurrences of AuthorizationException errors in the Production logs. 


Error Messages

641[WebContainer:14][STANDARD][][Ruleset:] (urityChanges._baseclass.Action)ERROR 127.0.0.1|127.0.0.1- Error in Obj-Open
com.pega.pegarules.pub.database.AuthorizationException: You are not authorized to open instance RULE-OBJ-MODEL DATA-ADMIN-OPERATOR-ID PYTRACKSECURITYCHANGES #20180214T214726.727 GMT
at com.pega.pegarules.pub.database.AuthorizationException.createCannotOpenException(AuthorizationException.java:242) ~[prpublic.jar:?]
at com.pega.pegarules.data.internal.access.Opener.open(Opener.java:2218) ~[prprivate.jar:?]
at com.pega.pegarules.data.internal.access.DatabaseImpl.open(DatabaseImpl.java:2592) ~[prprivate.jar:?]
at com.pega.pegarules.pub.runtime.AbstractActivity.objOpen(AbstractActivity.java:80) ~[prpublic.jar:?]
com.pegarules.generated.activity.ra_action_tracksecuritychanges_196e4905c3b4c9b613626a53f2391541.step1_circum0(ra_action_tracksecuritychanges_196e4905c3b4c9b613626a53f2391541.java:305) ~[?:?]
com.pegarules.generated.activity.ra_action_tracksecuritychanges_196e4905c3b4c9b613626a53f2391541.perform(ra_action_tracksecuritychanges_196e4905c3b4c9b613626a53f2391541.java:75) ~[?:?]
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:2695) ~[prprivate.jar:?]
at com.pega.pegarules.exec.internal.declare.infengine.ChainingEngineUtilImpl.runActivity(ChainingEngineUtilImpl.java:225) ~[prprivate.jar:?]
at com.pega.pegarules.exec.internal.declare.infengine.TriggerImpl.evaluateNetworks(TriggerImpl.java:304) ~[prprivate.jar:?]
at com.pega.pegarules.data.internal.access.DatabaseImpl.performTriggers(DatabaseImpl.java:6782) ~[prprivate.jar:?]
at com.pega.pegarules.data.internal.access.Saver.performTriggers(Saver.java:736) ~[prprivate.jar:?]
at com.pega.pegarules.data.internal.access.Saver.save(Saver.java:699) ~[prprivate.jar:?]
at com.pega.pegarules.data.internal.access.Saver.save(Saver.java:1843) ~[prprivate.jar:?]
at com.pega.pegarules.data.internal.access.DatabaseImpl.save(DatabaseImpl.java:2837) ~[prprivate.jar:?]
at com.pega.pegarules.data.internal.access.DatabaseImpl.save(DatabaseImpl.java:2828) ~[prprivate.jar:?]
at com.pega.pegarules.data.internal.access.DatabaseImpl.save(DatabaseImpl.java:2819) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.mgmt.authentication.AuthenticationUtil.saveOperatorPageWithOutSecurity(AuthenticationUtil.java:781) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.mgmt.authentication.Authentication.validatePegaCredentials(Authentication.java:2400) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.mgmt.authentication.SchemePRBasic.authenticateOperator(SchemePRBasic.java:189) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.mgmt.authentication.Authentication.doAuthentication(Authentication.java:508) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.engineinterface.service.HTTPAuthenticationHandler.performAuthentication(HTTPAuthenticationHandler.java:251) ~[prprivate.jar:?]
at com.pega.pegarules.session.internal.engineinterface.service.HTTPAuthenticationHandler.doHttpReqAuthentication(HTTPAuthenticationHandler.java:94


Steps to Reproduce

Use Single Sign On (SSO) to connect to the application. Errors occur. 


Root Cause



The error is caused by the Tracksecuritychanges Pega out-of -the-box (OOTB) activity. Issue occurs on setting the pzFailedLoginAttempts to 0. This requires operatorPage save(update) which in turn invokes the Tracksecuritychanges Declare trigger activity. 

The system fails to open the PYTRACKSECURITYCHANGES DataTransform rule due to an authorization issue. The access role to open or read rule instances of Data-Admin-Operator-ID on the UnAuthenticated access group is absent.


Resolution



Perform the following local-change: 
  1. Create a new access role with Access Role to Object (ARO) set to Data-Admin-Operator-ID with Read rule as 5
  2. Include the new access role in the UnAuthenticated access group

 

Published July 25, 2020 - Updated December 2, 2021

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us