Solved: Orphaned User in VSOM

chriskeander · ‎11-08-2012

I'm new to the SysAdmin world and was tasked with being the point person for our Cisco PAM and VSOM system.

I wasn't in this department when the systems were installed in our department so I don't have much of a history as to who configured everything.

What I do know is that when I logged into the web interface of our VSOM system and looked at the users and roles, I noticed that only one role was available (Administrators) and a handful of users in our department had user accounts in that role.

I thought it was wise to create a "Viewers" role and add some of our SysAdmin members to that role (starting with myself) so they could monitor the data center, etc without needing to be logged in as an Admin of the system and potentially do damage.

So, I created the role and then created a user account for myself and then added myself to that role to test.

After doing this, I noticed that it automatically added the cpamadmin account to the new role in addition to the Administrator role. Well, I decided to uncheck the new "Viewers" role from the cpamadmin user, leaving it just in the Administrators role and I got unexpected results:

After logging out and backin to VSOM as cpamadmin I noticed that the user I created for myself AND the Viewers role were no longer visible. Clearing all cookies/cache in the browser and trying again didn't help either.

So, I recreated the "Viewers" role and then attempted to recreate my user account again and it said that it could not because the account already existed. Yet, I can't see it anywhere unless I go into Reports > User Activity Report.

Even more strange is that I can still login to the system with the user I created that doesn't seem to exist anymore in the system.

Any ideas?

Mike Brown · ‎11-08-2012

Chris, I've got 2 ideas for you.

If this is VSM 6.x login to VSOM as root. You will see all users and roles.
If you can not figure out the root password the best workaround I've found is:
1. Login to Administration
2. Click on Servers
3. Click on the server name
4. Click on Rights
5. You should see your missing role listed, click on it.
6. Click on Edit this role
7. Users tab
8. Add yourself back to the role

The reason this occured is if a user is not part of a role, they see nothing to do with the role. It's great for setting up faux admins that only need to administer user accounts for their department.

The root account will always see all groups and users and never show in any of the lists.

Hope that helps!

-Mike

View solution in original post

Mike Brown · ‎11-08-2012

Chris, I've got 2 ideas for you.

If this is VSM 6.x login to VSOM as root. You will see all users and roles.
If you can not figure out the root password the best workaround I've found is:
1. Login to Administration
2. Click on Servers
3. Click on the server name
4. Click on Rights
5. You should see your missing role listed, click on it.
6. Click on Edit this role
7. Users tab
8. Add yourself back to the role

The reason this occured is if a user is not part of a role, they see nothing to do with the role. It's great for setting up faux admins that only need to administer user accounts for their department.

The root account will always see all groups and users and never show in any of the lists.

Hope that helps!

-Mike

chriskeander · ‎11-08-2012

Mike, you rock! Thanks for this quick help!