CWSIA0069E: The user does not have authorization to carry out this operation

Technote (troubleshooting)


Problem(Abstract)

Your message producer is not able to connect to the JMS destination in your Service Integration Bus for WebSphere Application Server and throws a CWSIA0069E error.

Symptom

The following errors are thrown in the JVM logs (SystemOut.log):

javax.jms.JMSSecurityException: CWSIA0006E: The authorization for the supplied user name was not successful.

Caused by: javax.jms.JMSSecurityException: CWSIA0069E: The user does not
have authorization to carry out this operation. See the linked exception
for details.
at
com.ibm.ws.sib.api.jms.impl.JmsMsgProducerImpl.<init>(JmsMsgProducerImpl.java:381) at
com.ibm.ws.sib.api.jms.impl.JmsSessionImpl.instantiateProducer(JmsSessionImpl.java:1442) at
com.ibm.ws.sib.api.jms.impl.JmsSessionImpl.createProducer(JmsSessionImpl.java:866) at
gov.fbi.sentinel.search.manager.SearchIndexJMSQueuingStrategy.publishInBulkToQueue(SearchIndexJMSQueuingStrategy.java:136)
... 134 more
Caused by: com.ibm.wsspi.sib.core.exception.SINotAuthorizedException:
CWSIK0018E: Send access to destination SearchQueue was denied for user with subject .
at
com.ibm.ws.sib.comms.common.CommsByteBuffer.parseSingleException(CommsBy teBuffer.java:1786)

Cause

CWSIA0069E indicates that the application does not have authorization to create a producer for the requested JMS destination.


The primary reason for an authorization failure on a destination is that the user is
not in the relevant role for the destination being accessed.


Resolving the problem

Make sure that user has the proper authorization to access that destination as per this table.

Access Authorizations
Destination type Access roles
queue sender, receiver, browser, creator
port sender, receiver, browser, creator
webService sender, receiver, browser, creator
topicSpace sender, receiver
foreignDestination sender
alias sender, receiver, browser


After this you have to restart the messaging engine for these changes to take effect. Some times you may have to sync the servers in case of clusters to push this information to all members of the clusters. See the following sections of the Information Center for details on working with user roles in the different versions of WebSphere Application Server:

WAS V8.5: Administering destination roles

WAS V8: Administering destination roles

WAS V7: Administering destination roles

WAS V6.1: Administering destination roles through the command line

Related information

Service integration security planning
Administering authorization permissions:
Administering destination roles:
Administering topic roles
Securing service integration

Cross reference information
Segment Product Component Platform Version Edition
Business Integration WebSphere MQ Problem Determination AIX, HP-UX, HP Itanium, Linux, Linux on Power, Solaris, Windows, UNIX 7.5, 7.1
Business Integration WebSphere Enterprise Service Bus Admin AIX, HP-UX, Linux
Business Integration WebSphere Enterprise Service Bus Registry Edition
Business Integration WebSphere Process Server

Product Alias/Synonym

WebSphere Application Server WAS SIB SIBUS SI BUS

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere Application Server
Service Integration Technology

Software version:

6.1, 7.0, 8.0, 8.5

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows

Reference #:

1624564

Modified date:

2013-02-06

Translate my page

Machine Translation

Content navigation