Problem
From the main login page, if a user clicks the "Forgot Password" or "Register Now" hyperlink, the error BMXAA4038E "Cannot log in to perform this action" may be displayed.
Symptom
BMXAA4038E "Cannot log in to perform this action" when selecting "Forgot Password" or "Register Now", or other errors upon completing the Forgot Password or Self Registration screens.
Resolving the problem
The system property mxe.system.reguser is used internally to connect to the system for the Forgotten Password and User Self Registration applications. The value of this property should correlate with a user record on the database (maxuser.loginid) which has permissions for the FORGOTPSWD and SELFREG applications.
In the 6.x release, properties are stored in the maximo.properties file. In later releases, properties are stored on the maxpropvalue table (or overridden in maximo.properties) and can be seen in the System Properties application. If you change any properties via the System Properties application, make sure that you check the box next to the property and use the Live Refresh menu option to make the changes take effect.
Follow the list below to identify the cause of the "Cannot log in to perform this action" problem.
1) Find the value for the mxe.system.reguser property and ensure that a user exists having a loginid equal to this value.
2) Find the value for the mxe.system.regpassword property and ensure that the user found above has a password equal to this value. If you are not sure, you can reset the user's password and/or the property. (Users and passwords are managed via the Users application.)
3) Ensure that the mxe.system.reguser property is in the proper case. If it is in the proper case, find the value of the mxe.convertloginid property. When this property equals 1, the entered value of loginid is internally converted to upper case prior to authentication. If this property is 1 and the value of maxuser.loginid is not upper case, the user will not be able to log in.
4) Ensure that the user belongs to a security group that has permissions for the Forgotten Password and User Self Registration applications. (Use the Profile tab in the Users application.) Out of the box, the reguser belongs to the MAXREG security group, which has these permissions. If your reguser does not have these permissions then either add the user to the MAXREG group or configure the MAXREG group to have permission for these applications. (Group permissions are maintained via the Security Groups application.)
5) If the system is in Admin Mode, then Forgotten Password and User Self Registration are not permitted (by default). A superuser can access the Database Configuration application, Admin Mode option to see whether Admin Mode is on. Alternatively, you can perform a sql query "select value from maxvars where varname = 'ADMINRESTART'". If the value is ON then Admin Mode is on or in the process of being turned on.
If your end user is able to access the Forgotten Password or User Self Registration applications, but encounters errors when completing the transaction whose cause is not self-evident, then follow the steps below.
6) Ensure that email has been set up properly. The mail server is identified by the property mail.smtp.host. Later versions of 7.x support authentication to the email server. If your email server requires authentication, ensure that the properties mxe.smtp.user and mxe.smtp.password are correct.
7) If the problem is with Self Registration, ensure that the workflow process is configured. The maxvar SELFREGWF identifies the name of the workflow process (select varvalue from maxvars where varname = 'SELFREGWF'). The default value is SELFREG. Find this value in the Workflow Designer application and ensure that this is active and enabled. If you have Communication Templates associated with this workflow, ensure that Send From is a valid email address and that the Communication Template is active.
8) To complete the workflow process, the administrative user should log in and look at the Workflow inbox. There should be entries labeled "Review and approve/reject the self-registered user." Click Route on the notification inbox and approve or reject the self-registration. If the registration is accepted, then assign the new user to the appropriate security groups.
9) The approved new user should receive an email with notice of the registration approval. By default, the first time the user logs in, there will be a prompt to change the password.
8) To complete the workflow process, the administrative user should log in and look at the Workflow inbox. There should be entries labeled "Review and approve/reject the self-registered user." Click Route on the notification inbox and approve or reject the self-registration. If the registration is accepted, then assign the new user to the appropriate security groups.
9) The approved new user should receive an email with notice of the registration approval. By default, the first time the user logs in, there will be a prompt to change the password.
No comments:
Post a Comment