Troubleshoot: Access control problems

Access control problems are often indicated by generic application errors with error message keys such as _ERR_USER_AUTHORITY. The first step in problem determination is to enable tracing for the access control component.

  1. Turn on the access control trace component, WC_ACCESSCONTROL, in the WAS.

  2. Open the trace.log file.

  3. Start from the end of the file, perform a backward search for '=false' to find access control check that failed. For example
    WC_ACCESSCONT ... PolicyManagerImpl.isAllowed 
    PASSED? =false
    

  4. To determine what was being checked, perform another backward search for the string isAllowed? . For example
    WC_ACCESSCONT ... PolicyManagerImpl.isAllowed isAllowed?
    User=100000000505; Action=Execute; 
    Resource=
    com.ibm.commerce.usermanagement.commands.UserRegistrationAdminUpdateCmdImpl;
    
    Owner=7000000020002000000; 
    Resource Ancestor
    Orgs=7000000020002000000,7000000020000000000,-2001; 
    Resource Applicable Orgs=7000000020002000000
    

These topics describe how to resolve common access control problems: