IBM Support

"Standard Error 5 ... Validate Parameter Access Error" when running report books as a restricted user

Troubleshooting


Problem

User clicks "Reports - Run". User clicks "Report Books" tab. User chooses selection(s), and clicks "run". An error appears. NOTE: Problem does not affect all users. Only users with restricted rights receive the error (administrative users such as ADM do not get the error).

Symptom

Information

Standard Error

Number: 5

Source: ControllerProxyClient

Description: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Exception: Validate Parameter Access Error

at Cognos.Controller.SEC.ParameterValidator.ValidateParameter(String sParamType, String sItem, String sReadWrite)

at Cognos.Controller.SEC.ParameterValidator...

<...>

[OK]


Cause

Code production problem (defect PM77172) in some versions of Controller.

The problem only effects customers who have report books which contain dummy data for a report code - this causes Controller to check the access right for this 'dummy report code' that does not exist.

Resolving The Problem

Fix:
Upgrade to Controller 10.1.2155 or later.

Workaround:
There are several different workarounds:

  • Method #1
Run each report individually (not all together/simultaneously as part of a report book package).
  • Method #2
Skip the security checking for Report books performed by "WebServiceParameterCheck.acl".
  • TIP: This does not compromise security since the access rights for the reports (included in the report book) will be checked on the server side anyway (via a separate/different method).
    Steps:
    1. Logon to the Controller application server as an administrator
    2. Open the folder "...c10\ControllerProxyServer". TIP: By default this is located here: C:\Program Files (x86)\ibm\cognos\c10\ControllerProxyServer
    3. As a precaution, create a backup copy of "WebServiceParameterCheck.acl" (e.g. "WebServiceParameterCheck.original.backup")
    4. Open the file "WebServiceParameterCheck.acl" inside NOTEPAD.EXE
    5. Search to locate the phrase "ReportSet_GetBookRs"
    6. Modify the setting from the default (1) to: 0
    7. Save changes
    8. Test.
  • Method #3
Ensure that the 'bad' user has read-only access to the report book.
    Steps:
    1. Launch Controller, and logon as an administrator (e.g. ADM)
    2. Click "Maintain - Rights - Security Groups"
    3. Click on tab "Reports"
    4. Locate relevant report (e.g. 1140)
    5. Modify the rights so that the relevant 'bad' users have read access to that report.

Related Information

APAR PM77172

[{"Product":{"code":"SS9S6B","label":"IBM Cognos Controller"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Controller","Platform":[{"code":"PF033","label":"Windows"}],"Version":"10.1.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
15 June 2018

UID

swg21622273

Page Feedback