Certain User Cannot See Profiles Assigned to Device
- 20 November 2019
- SOTI MobiControl
16 Answers- 0 Upvote
- 4 Followers
16 Answers
I see something similar in one of my customer's server recently. What are the version and build numbers of your MobiControl server?
We are on 13.4.0.5519.
Unfortunately, my customer's server is running v14.4.3.1115, and it may have a differnt problem from your case.
Can you please check if this user account is not part of other Groups? This may happen if user is part of multiple groups with conflicting access.
This user is only a part of a single group.
Have a 3rd user now where this is popping up. Wanted to add that this happens from multiple computers so it's not some kind of weird caching issue.
I can login with my user account on my laptop and everything is fine. I then logout and login with the profile-less user and the profiles are gone.
Is there a way to revoke a profile for a particular device via an android script? It could at least be a viable workaround if there was a script to revoke a particular profile and then re-install it once finished working with a device.
Hello all,
@chris -> i'm not expert but for me by script mobicontrol it's not possible but you can use perhpas mobicontrol api
URL/MobiControl/api/docs/Index#/
I've had a similar issue before which was resolved when I recreated the user.
Hi Chris,
you must add the user account to your profiles:
[Profiles Tab] / [YOUR Profile] / [Edit Permissions]:
We had the same issue after upgrading our enviroment.
We created a local soti-group and added this group to all profiles and users (its working for soti 13.X and 14.X).
The local soti-group has no permissions (Global Permissions or Device Group Permissions).
Regards,
Sascha
Our issue is actually viewing the profiles at the device level and selecting the Profiles pane to the right. We have a user group with 18 users in there, and there are 2-3 who just cannot see the profiles assigned to any devices and everyone else in the group can.
Hi Chris,
we had the same issue with the profile-view in the device-details. Only members of the mobicontrol administrator could view the profiles in the device details. All other users or user groups could not list profiles. We were able to solve the issue by adding all profiles and users to one group.
If that doesn't work for you, could you please check the permissions for the users in the database?
Table: SecurityPrincipal; Column: RightsGranted / RightsDenied
The value must be the same for your users in one group.
Regards, Sascha
Here are the database values for the particular User in question and also the group they are a member of. I just had a new user report this to me this morning as well with the same issue. The user this morning has been a part of this group for over 2 years and just now is seeing the issue.
User/Group RightsGranted RightsDenied
Group 1161479415926020 3271751431598842
User 0 0
Should the user show the same RightsGranted and RightsDenied values as the group in the database?
I created a new user and assigned permissions manually instead of attaching the user to the group in question. On initial look, device profiles were still not visible although security permissions looked like they should have access.
I then went to the profile security and added the user with read-only permissions to the profile and the new user can now see the profile from the device screen and is able to revoke/install it like normal.
I guess I'm a little confused as I've never had to do this for any users, and it's not affecting all users.
Hi Chris,
have you updated your environment? We had the same issue after upgrading our environment.
I recommend you create a group and add all users and profiles. The group will automatically be a member of new profiles.
The group does not require any permissions (Global Permissions or Device Group Permissions). The group is only member of all profiles.
Regards,
Sascha
We recently did a maintenance release to latest 13.4 versions. However, we were having this issue prior to that update also.
I wrote a SQL script to insert records into the UserAccessControl table to get what I needed for our main group. We have other groups that should only see one profile so now I'll have to granularly create these permission relationships and it's easier in SQL (for me at least).
I don't think SOTI really supports direct SQL modifications, but script below is what I'm using to associate a user group to a profile.
declare @group nvarchar(100) = 'GroupName'
declare @profile nvarchar(250) = 'ProfileName'
declare @catID int
declare @princID int
set @princID = (SELECT PrincipalId FROM SecurityPrincipal WHERE PrincipalType = 0 and PrincipalName = @group)
set @catID = (SELECT CatalogueItemId from CatalogueItem where Name = @profile and IsDeleted = 0 and CatalogueItemTypeId = 1)
INSERT INTO UserAccessControl (PrincipalId, CatalogueItemId, CanView, CanEdit)
VALUES (@princID, @catID, 1, 0)
Hi Chris,
we also used a sql-statement to add our group to all profiles.
Regards, Sascha