Insufficient Permissions on Custom Fields in SCSM 2012 SP1/R2


I’ve recently stumbled on the following error in SCSM 2012 R2:

image

Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user CONTOSO\User1 does not have sufficient permission to perform the operation.

at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)

at Microsoft.EnterpriseManagement.Common.Internal.ConnectorFrameworkConfigurationServiceProxy.ProcessDiscoveryData(Guid discoverySourceId, IList1 entityInstances, IDictionary2 streams, ObjectChangelist`1 extensions)

at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitInternal(EnterpriseManagementGroup managementGroup, Guid discoverySourceId, Boolean useOptimisticConcurrency)

at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.Commit(EnterpriseManagementGroup managementGroup)

at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.EnterpriseManagementObjectProjectionWriteAdapter.WriteSdkObject(EnterpriseManagementGroup managementGroup, IList1 sdkObjects, IDictionary2 parameters)

at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.SdkWriteAdapter1.DoAction(DataQueryBase query, IList1 dataSources, IDictionary2 parameters, IList1 inputs, String outputCollectionName)

at Microsoft.EnterpriseManagement.UI.ViewFramework.SingleItemSupportAdapter.DoAction(DataQueryBase query, IList1 dataSources, IDictionary2 parameters, IList`1 inputs, String outputCollectionName)

at Microsoft.EnterpriseManagement.UI.DataModel.QueryQueue.StartExecuteQuery(Object sender, ConsoleJobEventArgs e)

at Microsoft.EnterpriseManagement.ServiceManager.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)

A user part of Incident Resolvers group was not able to save particular custom filed in work item in SCSM console.

What I’ve found here and here that is some kind of bug since 2010 version of SCSM. There is way to fix it but keep in mind that the steps ARE NOT SUPPORTED BY MICROSOFT. The described steps are not new but I wanted to summarize them.

The case

You have some custom fields added on work items (incident, change and etc.) forms in Service Manager. Users that are part of a group with less privileges like Incident Resolvers cannot modify these fields in the form and receive the error above.

Workaround

There is a hotfix for 2010 version but that will not work for 2012. The hotfix contains SQL script that adds some stored procedures in your Service Manager DB. Luckily you do not even have to download the hotfix to find that SQL script as it is extracted by Roman Stadlmair and available here. And here arte he steps you can follow:

  1. Copy the script and execute it against your Service Manager DB.
  2. The script will add two stored procedure that you can use – p_AddRestrictrictionToOperationInProfile and dbo.p_RemoveRestrictrictionFromOperationInProfile. Here you can find syntax of the stored procedures.

  3. In my case I’ve executed the following query against Service Manager DB:

exec p_AddRestrictrictionToOperationInProfile ‘IncidentResolver’, ‘Object__Set’, ‘@TypeName’, NULL, ‘@RelationshipTypeName’, NULL

where @TypeName is the configuration class that I’ve wanted to add to custom field in incident form and @RelationshipTypeName is the relationship class that I’ve used for the user picker control field.

After executing this command Incident Resolvers were able to add information for this field in incident forms. Problem solved.

Note: The steps are not supported by Microsoft and always contact Microsoft support if possible. Also first test in development environment before executing them in production.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s