Direct links to fixes
APAR status
Closed as program error.
Error description
When you follow the instructions in the "Reconfiguring the user registry" section of the "Administering the technical user for the IBM BPM document store" topic (http://www.ibm.com/support/knowledgecenter/SSFPJS_8.5.6/com.ibm .wbpm.admin.doc/topics/tbpmdocauth.html), the following wsadmin command fails AdminTask.maintainDocumentStoreAuthorization('Ä-deName YOUR_DE_NAME -add #AUTHENTICATED-USERSÜ') and you might see the following error: WASX7015E: Exception running command: "AdminTask.maintainDocumentStoreAuthorization('Ä-deName YOUR_DE_NAME -add #AUTHENTICATED-USERSÜ')"; exception information: com.ibm.bpm.embeddedecm.exception.UserOrGroupNotFoundException: com.ibm.bpm.embeddedecm.exception.UserOrGroupNotFoundException: CWTDS0030E: The user or group '#AUTHENTICATED-USERS' does not exist. Explanation: The user or group for the specified name could not be found. Action: Check your input parameters. Then, run the command again. In the wsadmin.traceout file, you find an error message that is similar to the following message: Ä6/17/15 15:37:10:978 CESTÜ 00000001 AbstractShell E WASX7120E: Diagnostic information from exception with text "com.ibm.bpm.embeddedecm.exception.UserOrGroupNotFoundException: com.ibm.bpm.embeddedecm.exception.UserOrGroupNotFoundException: CWTDS0030E: The user or group '#AUTHENTICATED-USERS' does not exist. Explanation: The user or group for the specified name could not be found. Action: Check your input parameters. Then, run the command again. " follows: com.ibm.bpm.embeddedecm.exception.UserOrGroupNotFoundException: CWTDS0030E: The user or group '#AUTHENTICATED-USERS' does not exist. Explanation: The user or group for the specified name could not be found. Action: Check your input parameters. Then, run the command again. at com.ibm.bpm.embeddedecm.mbean. InternalBPMDocumentStoreMBeanImpl.getGranteeName (InternalBPMDocumentStoreMBeanImpl.java:85) at com.ibm.bpm.embeddedecm.mbean. InternalBPMDocumentStoreMBeanImpl. grantAccessToDomainForPrincipal (InternalBPMDocumentStoreMBeanImpl.java:391) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:95) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:56) ... In the SystemOut.log file of the application target, you see a warning that is similar to the following warning: Ä6/16/15 16:47:39:761 CESTÜ 00000123 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/WebSphere/AppServerBPM/profiles/Node1Profile/logs/ffdc/AppC lusterMember1_8e16223a_15.06.16_16.47.39.7149171143951023191615. txt com.ibm.ws.management.AdminServiceImpl.invoke 679 In the corresponding FFDC you see an exception that is similar to the following exception: Ä6/16/15 16:47:39:715 CESTÜ FFDC Exception:javax.management.MBeanException SourceId:com.ibm.ws.management.AdminServiceImpl.invoke ProbeId:679 Reporter:com.ibm.ws.management.AdminServiceImpl$1§6e7409f7 javax.management.MBeanException: Exception thrown in RequiredModelMBean while trying to invoke operation grantAccessToDomainForPrincipal at javax.management.modelmbean.RequiredModelMBean. invokeMethod(RequiredModelMBean.java:1304) ... Caused by: com.ibm.bpm.embeddedecm.exception.UserOrGroupNotFoundException: CWTDS0030E: The user or group '#AUTHENTICATED-USERS' does not exist. Explanation: The user or group for the specified name could not be found. Action: Check your input parameters. Then, run the command again. at com.ibm.bpm.embeddedecm.mbean. InternalBPMDocumentStoreMBeanImpl.getGranteeName (InternalBPMDocumentStoreMBeanImpl.java:85) ...
Local fix
Instead of '#AUTHENTICATED-USERS' you can use your own group name (which must exist have the required authorization). For more information, see Administering the technical user for the IBM BPM document store (http://www.ibm.com/support/knowledgecenter/SSFPJS_8.5.6/com.ibm .wbpm.admin.doc/topics/tbpmdocauth.html).
Problem summary
#AUTHENTICATED-USERS is a built-in symbolic group name. The current implementation does not consider all aspects for the symbolic name and might handle the name like a group name.
Problem conclusion
A fix is/will be available for IBM BPM V8.5.6.0 that ensures the symbolic group name #AUTHENTICATED-USERS is handled correctly. For more information about the expected behavior, see ?#AUTHENTICATED-USERS? (http://www.ibm.com/support/knowledgecenter/SSNW2F_5.2.0/com.ibm .p8.security.doc/p8psu039.htm?lang=en). On Fix Central (http://www.ibm.com/support/fixcentral), search for JR53756: 1. Select IBM Business Process Manager with your edition from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2. Select APAR or SPR, enter JR53756, and click Continue. When you download fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix.
Temporary fix
Not applicable
Comments
APAR Information
APAR number
JR53756
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
856
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-07-02
Closed date
2015-08-28
Last modified date
2015-08-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM STANDARD
Fixed component ID
5725C9500
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"856","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
31 August 2023