3683492 - After upgrade errors are flooding with RUNAS_xxx” user in AS Java

Symptom

After applying the patch, an unusually high number of "RUNAS_xxx not authorized" error were reported:

[...]
Error checking applications status
[EXCEPTION]
com.sap.engine.services.jmx.exception.JmxSecurityException: Caller RUNAS_xxx not authorized, required permission missing ("javax.management.MBeanPermission" "-\#Settings[com.sap.default:J2EEServer=QPO,SAP_ITSAMJ2eeApplication.CreationClassName=SAP_ITSAMJ2eeApplication,SAP_ITSAMJ2eeApplication.Name=sap.com/tc~ejbexplorer~wd,SAP_ITSAMJ2eeCluster.CreationClassName=SAP_ITSAMJ2eeCluster,SAP_ITSAMJ2eeCluster.Name=QPO.SystemHome.a002-dbpoq1,cimclass=SAP_ITSAMJ2eeApplication,j2eeType=J2EEApplication,name=sap.com/tc~ejbexplorer~wd,type=SAP_ITSAMJ2eeCluster.SAP_ITSAMJ2eeApplication,version=3.2]" "getAttribute")
at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)
at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:101)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.checkMBeanPermission(MBeanServerSecurityWrapper.java:438)
at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.getAttribute(MBeanServerSecurityWrapper.java:234)
at com.sap.engine.services.jmx.ClusterInterceptor.getAttribute(ClusterInterceptor.java:559)
at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.getAttribute(MBeanServerInterceptorChain.java:161)

[...]
Caused by: java.security.AccessControlException: access denied ("javax.management.MBeanPermission" "-\#Settings[com.sap.default:J2EEServer=QPO,SAP_ITSAMJ2eeApplication.CreationClassName=SAP_ITSAMJ2eeApplication,SAP_ITSAMJ2eeApplication.Name=sap.com/tc~ejbexplorer~wd,SAP_ITSAMJ2eeCluster.CreationClassName=SAP_ITSAMJ2eeCluster,SAP_ITSAMJ2eeCluster.Name=QPO.SystemHome.a002-dbpoq1,cimclass=SAP_ITSAMJ2eeApplication,j2eeType=J2EEApplication,name=sap.com/tc~ejbexplorer~wd,type=SAP_ITSAMJ2eeCluster.SAP_ITSAMJ2eeApplication,version=3.2]" "getAttribute")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:886)
at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:84)
[...]

Environment

SAP NetWeaver Application Server for Java

Product

SAP NetWeaver Application Server for Java all versions

Keywords

Caller RUNAS_xxx not authorized, Permission missing, javax.management.MBeanPermission, access denied, java.security.AccessControlException. , KBA , BC-JAS-SEC-UME , User Management Engine , BC-JAS-SEC , Security, User Management , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.