Troubleshooting: Access control issues

Access control problems are often indicated by generic application errors with error message keys such as _ERR_USER_AUTHORITY. The first step in problem determination is to enable tracing for the access control component.

  1. Turn on the access control trace component, WC_ACCESSCONTROL, in the WebSphere Application Server.
  2. Open the trace.log file.
  3. Starting from the end of the file, perform a backward search for =false to find access control check that failed.
    For example:
    WC_ACCESSCONT ... PolicyManagerImpl.isAllowed 
    PASSED? =false
    
  4. To determine what was being checked, perform another backward search for the string isAllowed?.
    For example:
    WC_ACCESSCONT ... PolicyManagerImpl.isAllowed isAllowed?
    User=100000000505; Action=Execute; 
    Resource=
    com.ibm.commerce.usermanagement.commands.UserRegistrationAdminUpdateCmdImpl;
    
    Owner=7000000020002000000; 
    Resource Ancestor
    Orgs=7000000020002000000,7000000020000000000,-2001; 
    Resource Applicable Orgs=7000000020002000000