Troubleshoot CUIC User Collection Permissions

Available Languages

Download Options

  • PDF     (168.8 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (149.9 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (166.1 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:August 17, 2017
Document ID:211608

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes troubleshoot process for user permissions in Cisco Unified Intelligence Center (CUIC) server. 

    CUIC User Collection Permissions

    A typical CUIC issue is that a particular user cannot see collections or value lists to which the user has permissions.

    Check Permissions in CUIC Web Page

    In this example, a user cuicu1 has execute permission for Tech collection. Check the permissions configured for the user.

    The same user cuicu1 belongs to a group admin_custom that has permission to Sales collection.

      

    As a result, when the user runs a report there are two collections available in the list: Sales and Tech.

    Check Permissions in CUIC Database

    The same information can be verified from the database. 

    Step 1. Get user groups.

    admin:run sql SELECT gm.memberid,u.name,gm.groupid,g.name FROM cuic_data:cuicgroupmember gm \
    INNER JOIN cuic_data:cuicuser u ON u.id==gm.memberid INNER JOIN cuic_data:cuicgroup g ON g.id==gm.groupid WHERE u.name LIKE '%cuicu1%'
    memberid name groupid name
    ================================ ==================== ================================ ============
    F7DB93871000015C0000001E0A302F8E ADMINISTRATOR\cuicu1 2222222222222222222222222222AAAA AllUsers
    F7DB93871000015C0000001E0A302F8E ADMINISTRATOR\cuicu1 7CA0F8121000015C000003DE0A302F8E admin_custom

    The combined permissions list for this user is consists of three entires: 1st for the user itself, 2nd and 3rd for the group the user admin_custom belongs to. These values are used in the next queries.

    F7DB93871000015C0000001E0A302F8E, 2222222222222222222222222222AAAA, 7CA0F8121000015C000003DE0A302F8E

      

    Step 2. Get all permissions for this user and his groups for the collections.

    admin:run sql SELECT ca.usergroupid user_or_groupid,ca.collectionid,c.name collection FROM cuic_data:cuiccollectionauth ca \
    INNER JOIN cuic_data:cuiccollection c ON c.id==ca.collectionid \
    WHERE ca.usergroupid IN ('F7DB93871000015C0000001E0A302F8E','2222222222222222222222222222AAAA','7CA0F8121000015C000003DE0A302F8E')
    user_or_groupid                  collectionid                     collection
    ================================ ================================ ==========
    F7DB93871000015C0000001E0A302F8E EA6464501000015D0000007A0A302F8E Tech
    7CA0F8121000015C000003DE0A302F8E EA6420C11000015D000000750A302F8E Sales

    The list of collections from the output in the step 2 should match the list the user can see in the CUIC web page. Also the output from the database must be the same on all of the nodes in CUIC cluster.

    In case an inconsistency in permissions is found please contact Cisco TAC support.

    TAC Authored

    Contributed by Cisco Engineers

    • Alexander Levichev
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products