Editing workflow with OS authentication

Permanently deleted user

22. Mai 2018 16:34

Hi. After switching from sql database authentication to OS auth, my server-side workflow is failing, when attempting to create a new feature. It fails silently, but in ArcGIS Server logs I see following error: "Error: Insufficient permissions [<DB>.<SCHEMA>.<TABLE>]." 

 

We have granted appropriate permissions to the windows account running Arcgis Server to allow editing of features. And it works outside of my workflow. 

 

I concluded the issue is that the account running the workflow lacks the appropriate permissions, so I changed the identity of the app pool associated to the rest site; to the same windows account we are using for AGS. It still fails with same error in AGS logs.

 

Any suggestions.

 

Thanks

0

• 

  Berend Veldkamp

  25. Mai 2018 14:15

  How is the layer's security configured in the REST manager, did you specify a user that connects to the mapservice?

  0
• 

  Permanently deleted user

  29. Mai 2018 19:12

  Berend, the service is secured. In essentials manager I have configured token based security in the connection settings interface and specified a user that has read\write access to the service. That part seems fine. The layer shows up in the viewer, no prob. It's just executing the workflow that is the problem.

   

  Thanks

  0
• 

  Zack Robison

  29. Mai 2018 19:22

  How are you connecting to the service in the workflow?  The credentials used to authenticate your Add/Update/Delete Features activities need to have the correct AGS permissions.  Most commonly, admins use a token for this authentication, either from the GetToken activity or the GetMapServiceInfo activity.  If this is your case, then you need to find whether those credentials have permission to edit your service or not. 

  0
• 

  Permanently deleted user

  29. Mai 2018 20:38

  Zack, in my WF, i'm using the 'GenerateToken' activity. The user specified there, is in the active directory group used to secure the service. So, the account is authorized to edit the service.

   

  Thanks

  0
• 

  Permanently deleted user

  30. Mai 2018 15:03

  Found the issue. It was database permissions. The account running AGS had read and write permissions, but it needed to be granted insert, delete and update permissions. After this was done (via arccatalog), the workflow works. 

   

  It looks like there is no need to modify default app pool identity. 

  0
• 

  Permanently deleted user

  6. Juni 2018 09:53

  Also ArcServer 10.6 addresses the bug to allow OS accounts to read "geospatial views". DB accounts can in pre-10.6.  Not 100% related to this question but might be helpful as people research OS Authentication issues.

  0

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.