Description

Symptoms

When an outbound REST request is executed using RESTMessageV2 via a MID server by a user with the snc_read_only role, it fails with the following error:

Security restricted: access for table: ecc_queue, user: abel.tuter, operation: create -- from class: ReadOnlyRoleAccessHandler
REST Msg Outbound - ECCRESTResponse : Error while evaluating the XPATH Expression against response: org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
 at [row,col {unknown-source}]: [1,0]: org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:297)
org.apache.axiom.om.impl.dom.DocumentImpl.getOMDocumentElement(DocumentImpl.java:446)
org.apache.axiom.om.impl.dom.DocumentImpl.getDocumentElement(DocumentImpl.java:458)
com.glide.rest.outbound.ecc.ECCRESTResponse.getNodeList(ECCRESTResponse.java:252)
com.glide.rest.outbound.ecc.ECCRESTResponse.extractHeaders(ECCRESTResponse.java:215)
com.glide.rest.outbound.ecc.ECCRESTResponse.processResponse(ECCRESTResponse.java:176)
com.glide.rest.outbound.ecc.ECCRESTResponse.fetchAndProcessEccResponse(ECCRESTResponse.java:246)
com.glide.rest.outbound.ecc.ECCRESTResponse.getBody(ECCRESTResponse.java:135)

Release

Applicable to all releases

Cause

Because the REST message is sent via the MID server, a RESTProbe record must be created in the ecc_queue table for the MID server to process the request. However, the creation of this record fails because the user has the snc_read_only role and does not have permission for the 'create' operation on the ecc_queue table.

Resolution

To let users with the snc_read_only role execute RESTMessageV2 requests via the MID server, create the following property:

Name: glide.security.snc_read_only_role.tables.exempt_create

Type: string

Value:

sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth, ecc_queue

This allows the 'create' operation to succeed on the ecc_queue table even though the user has the snc_read_only role.

Additional Information

Read-Only properties

Article Information

Last Updated: 2019-08-02 20:37:16
Published: 2019-07-27