You are not authorized to login.You need the Suite User role

A forum for discussing DataStage<sup>®</sup> basics. If you're not sure where your question goes, start here.

Moderators: chulett, rschirm, roy

Post Reply
attu
Participant
Posts: 225
Joined: Sat Oct 23, 2004 8:45 pm
Location: Texas

You are not authorized to login.You need the Suite User role

Post by attu »

Hi,
We are configuring Active Directory on our 11.5 environment. The WebSphere has been configured with Active Directory and able to see the users and groups, however I am not able to login to IS console after assigning the roles to the admin dsadm ID.

Code: Select all

./DirectoryAdmin.sh -admin -user -userid "CN=dsadm,OU=xx,OU=xxx,OU=xx ,OU=xxxx,OU=xx,OU=xx,OU=xx,DC=xx,DC=xx"
DETAILS OF THE USER:
userid is dsadm

Groups the user dsadm is part of:
dstage
users

Roles assigned to the user dsadm:
RulesAdministrator
DataStageAdmin
MDWAdministrator
SuiteAdmin
FastTrackAdministrator
ISDAdministrator
SorcererAdmin
SuiteUser
CMAdmin
GlossaryAdmin

Time taken to execute the operation is 732 ms
IS Administrator roles have been granted to the user CN=dsadm,OU=xx,OU=xxx,OU=xx ,OU=xxxx,OU=xx,OU=xx,OU=xx,DC=xx,DC=xx
I can login to the dsadm ID using Active Directory credentials from the DS Server.

The error from IS Console is:

Code: Select all

You are not authorized to login. You need the Suite User role in order to login. 
I have checked and validated the Distinguished name from software LDAP tool and it matches with the values defined in the WebSphere console for the user/group attributes .

Any insights or pointers will be highly appreciated.

Thanks
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia
Contact:

Post by ray.wurlod »

Even though you have Suite Admin (and other roles), you still have to have Suite User to do anything at all in Information Server.

The Suite roles are not cumulative.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
skathaitrooney
Participant
Posts: 103
Joined: Tue Jan 06, 2015 4:30 am

Post by skathaitrooney »

Ray, in the screenshot the dsadm user has both SuiteUser and SuiteAdmin roles.

I have had the same issue once with IIS11.5.

What i did was switch it back to internal registry and re-configure LDAP. But this time i did it using FederatedRepositories (that's what IBM suggested as opposed to Standalone LDAP).

I probably missed some minor steps the first time while configuring LDAP. Its really important to follow all the steps(correctly) documented by IBM to configure LDAP.

Steps such as deleting all internal registry user and groups prior to LDAP config should not be missed
Post Reply