[Pki-users] PKI Console - Publishing Acl Error

[Frederic d'Huart]

Hello Pki Users,

I have an problem to access the DogTAG Publishing tab of the PKIConsole.

I want to enable a new CRL File publishing object as described into the
section 8.2.1 of the admin guide.
but I receive the error "You are not allowed to perform this operation"
anytime I'm trying to access the
publishing tab and subObjects.

The ca_log show this error
___

/var/log/pki-ca/debug

[10/Oct/2010:11:06:52][http-9445-Processor24]:
LdapBoundConnFactory.java:391:returnConn() returnConn: mNumConns now 3
[10/Oct/2010:11:06:52][http-9445-Processor24]:
AAclAuthz.java:643:evaluateExpressions() evaluated expression:
group="Registration Manager Agents" to be true
[10/Oct/2010:11:06:52][http-9445-Processor24]:
SignedAuditEventFactory.java:78:create() SignedAuditEventFactory:
create()
message=[AuditEvent=AUTHZ_FAIL][SubjectID=admin][Outcome=Failure][aclResource=<null>][Op=<null>]
authorization failure

[10/Oct/2010:11:06:52][http-9445-Processor24]:
LdapBoundConnFactory.java:343:getConn() getConn: mNumConns now 2
[10/Oct/2010:11:06:52][http-9445-Processor24]:
LdapBoundConnFactory.java:391:returnConn() returnConn: mNumConns now 3
[10/Oct/2010:11:06:52][http-9445-Processor24]:
SignedAuditEventFactory.java:78:create() SignedAuditEventFactory:
create()
message=[AuditEvent=ROLE_ASSUME][SubjectID=admin][Outcome=Failure][Role=Certificate
Manager Agents, Registration Manager Agents, Trusted Managers,
Administrators, Security Domain Administrators, Enterprise CA
Administrators, Enterprise KRA Administrators, Enterprise OCSP
Administrators, Enterprise TKS Administrators, Enterprise RA
Administrators, Enterprise TPS Administrators] assume privileged role


I have checked everywhere in the PKIConsole ACL's tab, but I didn't find
anything ...
Does somebody would have an idea how to fix it ?



Thank you ..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20101010/6198f0d4/attachment.htm>