Error "User does not have permissions to create a resource of the given type ." occurs when trying to save an Asset Management or CMDB Solution asset type after upgrading to from Symantec Management Platform 7.1 to Symantec Management Platform 7.5
After upgrading to Symantec Management Platform 7.5 from Symantec Management Platform 7.1, when trying to create new Asset Management or CMDB Solution asset types, such as a Software Purchase, a Purchase Order, Computer, etc., when trying to save the new asset, a permission error occurs. Some Asset Management or CMDB Solution asset types may be able to be created and saved. Assets that already exist may be able to be edited and saved, but just not created. This error appears on the bottom right of the asset edit window:
The domain user account that was logged into the Symantec Management Platform server that performed the upgrade from 7.1 to 7.5 did not have Sysadmin and/or DBO ownership rights to the Symantec_CMDB database. Even if this was the App ID, this can still happen. When this occurred, permissions were lost. This will manifest itself in several different ways for potential issues during or after upgrading, including this article's issue and is not therefore solely an Asset/CMDB problem.
Information about the root cause can be found in the following article:
Before attempting the recommended reconfiguration of the solution-- first try a simpler solution as outlined by TECH227526. If running the SQL script attached to TECH227526 does not correct this problem then proceed to the solution prescribed below.
Repair the Symantec_CMDB database while logged in as the App ID, which has Sysadmin and DBO ownership rights to the database.
On the Symantec Management Platform server, log in as the Application ID (App ID) user. This is preferred over any other user account. If it's not known which user this is, click on the Settings button > All Settings > Notification Server > Notification Server Settings. The user listed in the Application Identity section is the App ID.
On the SQL Server, ensure that the App ID has Sysadmin and DBO ownership rights to the Symantec_CMDB database. This is performed in the SQL Server Management Studio under Security > Logins. The App ID should be listed here, if not, add this domain user account. Right click on the App ID user and select Properties. Then, click on the Sever Roles page. Ensure that the roles include at least Public and Sysadmin, then click on the OK button.
Back in the Symantec Management Platform, click on the Settings button > Notification Server > Database Settings.
Click on the Repair Database button. WARNINGS: (1) The customer is recommended to perform a full backup of their Symantec_CMDB database in SQL first before doing this. If issues occur later due to the repair, the original database can be restored from the backup. (2) After clicking on the Repair Database button, Altiris as a whole will be offline for the duration of the repair. This may take several hours. It is therefore recommended to perform this operation off of production hours. As this does not require intervention by the customer, this can be, for example, initiated at the end of the production day. When the customer returns in the morning, this should be successfully completed.
After the repair finishes, try to reproduce the permission errors. This should now be resolved. Note: As mentioned on step 4, if other issues then start occurring after the repair, there may have been other issues that were present that the repair further compounded. Restore the database, and then contact Symantec Technical Support to resolve the other issues before continuing with the solution that this article is for.
If a Database Repair does not solve the issue, uninstall and reinstall the effected solution from the Symantec Installation Manager.
If these steps do not resolve the issue, the database will need to next be restored to 7.1's, assuming that a backup was performed before the upgrade. Then, follow the instructions from TECH215867 to correct the issue directly in that database, Lastly, perform the upgrade once again, while still ensuring that the App ID has Sysadmin and DBO ownership rights to the Symantec_CMDB database.