04-16-2018 05:10 AM
we are experiencing a strange phenomene on our PA-7050.
We recently upgraded from 7.1.4 to 8.0.8 and have the following problem:
Has anyone else experienced this? Does anyone know what I need to do to correct this problem?.
04-16-2018 10:22 AM
1) What changes were the users with securityadmin trying to make; there are a number of things that a securityadmin is not allowed to modify. If another admin was currently working on changes that the securityadmin did not have rights to then you could see this issue present itself.
2) I would call TAC on this problem; the Superuser role is built in and you are not allowed to modify it, you should therefor have access to whatever you need. The only objection to this would be if they had the Superuser (read-only) Role assigned, which may be the case reading your final question.
3) This seems odd but could have happened during the 8.0 update. Using a user with the Superuser Role you should be able to give everyone the proper Role back.
04-16-2018 10:24 PM
We did open a TAC ticket.
What we noticed after the update was that the even though the Profile securityadmin had the rights to save, it did not work. It's as if the User could not save his own context.
Before the update, the admin could save his work (in his user context) and when a commit was performed then the changes was written to the running config. After the update, the admin can commit changes, but the save always returns a permission denied.
We are currently investigating other possible areas. Since we use ACS for the securityadmin authentication and Active Directory for superadmin authentication, we are checking to see if there are any changes that has an effect on the login.
I guess I will have to wait for the TAC response.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!