Signiant Support

Jobs fails after enabling the "Restrict Component Access" feature. Print


Problem

Previously successful transfers fail after an attempt is made to increase security by using the "Restrict Component Access" feature.  Despite selecting the proper component from the drop down list, jobs are failing with the following error:

The local security policy does not permit execution of this copy of template 'MediaMoverDistribution' from 'Source Agent' to be executed as user 'Target User'.

Discussion

When a transfer starts the source agent receives the template information from the manager and attempts to execute these instructions on the target agent. With the "Restrict Component Access" feature enabled the source agent uses it's template to generate a hash or fingerprint which it sends to the target. The target agent has a record of the hash for the version of the component stored on its manager.  These hashes are compared by the target, and if the the two hashes are not identical the target will not permit the templates execution.  Any difference between the components stored on the source and target manager will result in different hashes, and will thus prevent the execution of the component on the target agent.

Currently for the "Restrict Component Access" feature to work both managers must be the same version number.   Different build numbers within the same release should be compatible.  For example, a source running 8.4 build 190 is compatible with a target running  8.4 build 189, but a not with a target running any build of 8.3. The components must also be the same version and revision.

Also note that the "Restrict Component Access" feature is limited to workflow components, and cannot be used on jobs created using legacy templates.