Permissions Issue with New-SCSMIncident

May 3, 2011 at 10:42 PM

I have an account that is not a SCSM Administrator. Using this account, I can create an incident using the GUI. However, if I use the new-scsmincident cmdlet, I get an error saying access was denied. If my account is added to the SCSM Admins Role, I can run the cmldet without a problem.

Looking at the event logs, I found the following error when i run the cmdlet as a non-admin.

An exception was thrown while processing ProcessDiscoveryDataWithBinarySupport for session ID uuid:2d3c3d8a-f7fb-4904-82ed-8f1fff0ddd88;id=334.

Exception message: The user doamin\user does not have sufficient permission to perform the operation.

Full Exception: Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user domain\user does not have sufficient permission to perform the operation.

at Microsoft.EnterpriseManagement.Mom.DiscoveryDatabaseAccess.DiscoveryDataProcessor.Authorize(DiscoveryDataInstance discoveryDataInstance, AuthManager authMan, ReaderWriterLock authManLock, Boolean needsRefresh, Boolean useProcessContext, WindowsIdentity identity, DatabaseConnection databaseConnection)

at Microsoft.EnterpriseManagement.ServiceDataLayer.DiscoveryDataManager.DiscoveryPackageIncrementalProcessingHandler.ProcessDiscoveryDataWithBinarySupportInternal(DatabaseConnection databaseConnection, Guid discoverySourceId, IList`1 sdkEntityInstances, IList`1 sdkRelationshipInstances, IDictionary`2 streams, IContext context)

at Microsoft.EnterpriseManagement.ServiceDataLayer.DiscoveryDataManager.DiscoveryPackageIncrementalProcessingHandler.Process(DatabaseConnection databaseConnection)

at Microsoft.EnterpriseManagement.Mom.DiscoveryDatabaseAccess.DiscoveryPackageProcessor.ProcessWithRetry(HandleProcessing handleProcessing, RetryPolicy retryPolicy)

at Microsoft.EnterpriseManagement.ServiceDataLayer.DiscoveryDataManager.ProcessDiscoveryDataWithBinarySupport(DatabaseConnection dbconnection, Guid discoverySourceId, IList`1 sdkEntityInstances, IList`1 sdkRelationshipInstances, IDictionary`2 streams, IContext context)

at Microsoft.EnterpriseManagement.ServiceDataLayer.ConnectorFrameworkConfigurationService.ProcessDiscoveryDataWithBinarySupport(DatabaseConnection dbconnection, Int32 operation, Guid discoverySourceId, IList`1 entityInstances, IList`1 relationshipInstances, IDictionary`2 streams, Boolean useOptimisticConcurrency)

at Microsoft.EnterpriseManagement.ServiceDataLayer.ConnectorFrameworkConfigurationService.ProcessDiscoveryDataWithBinarySupport(Int32 operation, Guid discoverySourceId, IList`1 entityInstances, IList`1 relationshipInstances, IDictionary`2 streams, Boolean useOptimisticConcurrency)

Developer
May 3, 2011 at 10:57 PM

I'm not sure why the console would allow this, as both the console and the cmdlets use the same basic underlying APIs. However, it could be creating one of the relationships that's failing (which may be one of the differences between the cmdlet and the ui).

One thing to check would be to see whether or not you can create an instance of the System.WorkItem.Incident class (you can do this with new-scsmobject). That would be a good indicator as to whether it's the base object of the projection, or one of the relationships that's created by the cmdlet.

May 4, 2011 at 3:32 PM

Could you give me the exact command you'd like me to run? I don't seem to have a System.WorkItem.Incident type available

Developer
May 4, 2011 at 6:40 PM

Try the following:

$class = get-scsmclass ^system.workitem.incident$
new-scsmobject -Class $class -PropertyHashtable @{ Title = "This is a title"; Id = "IR{0}"; Urgency = "Medium"; Impact = "Medium" }

If it works, then you can retrieve the instance you just created like this:

get-scsmobject -class $class -filter "Title -eq 'This is a title'"

May 4, 2011 at 7:10 PM

The commands ran without error using both accounts.

Dec 23, 2011 at 10:12 AM

I had similar exception and fixed it by adding user to Workflow group in SCSM