I’ve recently stumbled on the following error in SCSM 2012 R2:
Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException: The user CONTOSO\User1 does not have sufficient permission to perform the operation.
at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)
at Microsoft.EnterpriseManagement.Common.Internal.ConnectorFrameworkConfigurationServiceProxy.ProcessDiscoveryData(Guid discoverySourceId, IList
1 entityInstances, IDictionary2 streams, ObjectChangelist
at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitInternal(EnterpriseManagementGroup managementGroup, Guid discoverySourceId, Boolean useOptimisticConcurrency)
at Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.Commit(EnterpriseManagementGroup managementGroup)
at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.EnterpriseManagementObjectProjectionWriteAdapter.WriteSdkObject(EnterpriseManagementGroup managementGroup, IList1 sdkObjects, IDictionary
at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.SdkWriteAdapter1.DoAction(DataQueryBase query, IList
1 dataSources, IDictionary2 parameters, IList
1 inputs, String outputCollectionName)
at Microsoft.EnterpriseManagement.UI.ViewFramework.SingleItemSupportAdapter.DoAction(DataQueryBase query, IList1 dataSources, IDictionary
2 parameters, IList1 inputs, String outputCollectionName)
at Microsoft.EnterpriseManagement.UI.DataModel.QueryQueue.StartExecuteQuery(Object sender, ConsoleJobEventArgs e)
at Microsoft.EnterpriseManagement.ServiceManager.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)
A user part of Incident Resolvers group was not able to save particular custom filed in work item in SCSM console.
What I’ve found here and here that is some kind of bug since 2010 version of SCSM. There is way to fix it but keep in mind that the steps ARE NOT SUPPORTED BY MICROSOFT. The described steps are not new but I wanted to summarize them.
You have some custom fields added on work items (incident, change and etc.) forms in Service Manager. Users that are part of a group with less privileges like Incident Resolvers cannot modify these fields in the form and receive the error above.
There is a hotfix for 2010 version but that will not work for 2012. The hotfix contains SQL script that adds some stored procedures in your Service Manager DB. Luckily you do not even have to download the hotfix to find that SQL script as it is extracted by Roman Stadlmair and available here. And here arte he steps you can follow:
1. Copy the script and execute it against your Service Manager DB.
2. The script will add two stored procedure that you can use – p_AddRestrictrictionToOperationInProfile and dbo.p_RemoveRestrictrictionFromOperationInProfile. Here you can find syntax of the stored procedures.
3. In my case I’ve executed the following query against Service Manager DB:
exec p_AddRestrictrictionToOperationInProfile ‘IncidentResolver’, ‘Object__Set’, ‘@TypeName’, NULL, ‘@RelationshipTypeName’, NULL
where @TypeName is the configuration class that I’ve wanted to add to custom field in incident form and @RelationshipTypeName is the relationship class that I’ve used for the user picker control field.
After executing this command Incident Resolvers were able to add information for this field in incident forms. Problem solved.
Note: The steps are not supported by Microsoft and always contact Microsoft support if possible. Also first test in development environment before executing them in production.