[65:6] Internal Database layer reports: "Operation denied due to private objects."

Hi,

We are performing DC to DR Data Replication through Data Protector 23.4 and It was running successfully. Later, We enabled RBAC in DC & DR and as a result, replication is getting failed. While checking, we found the issue "[65:6] Internal Database layer reports: "Operation denied due to private objects."". Also, in DR Cell Manager, the session is showing as completed successfully, but no data is available for use. any idea about this issue?

  • 0  

    OK, so it sounds like you are replicating to a foreign cell. This is what we call "Automated Replication Synchronization". Please confirm.

    Now, in which phase of the session is this IDB error actually seen? Is this when media are tried to get imported into the foreign cell? Can you explain the different steps that are seen in the replication session report?

  • 0 in reply to   

    Yes, it is Automated Replication Synchronization going on and the issue is happening when the media is getting imported into the foreign cell

    [Normal] From: MSM@<DR CM hostname> "DC-DR Replication Store_gw1" Time: 13-09-2024 15:23:21
    Foreign medium "fd0310ac:66e40b51:cc1c:0460" found.

    [Normal] From: MSM@<DR CM hostname> "DC-DR Replication Store_gw1" Time: 13-09-2024 15:23:23
    Importing session into database:
    SessionID: 2024/09/13-37
    Owner: LDAP\<username|domain|DC CM hostname>@<DC CM hostname>
    Start time: 13-09-2024 15:22:10

    [Critical] From: MSM@<DR CM hostname> "DC-DR Replication Store_gw1" Time: 13-09-2024 15:23:23
    [65:6] Internal Database layer reports:
    "Operation denied due to private objects."

    Since both DC & DR are in RBAC, we added DC Cell manager entries in DR and vice versa. FYI, DC & DR CM is in cluster mode.

  • 0   in reply to   

    OK I did not really try ARS but I enabled RBAC on a 23.4 cell and next I tried to import a foreign medium and it worked without any issue. I guess what you want to check next is: which user is importing the media and to which group does the user belong in RBAC? I did try with an admin user, but you may be in a different situation and some re-shuffling may be required in RBAC to make sure the needed rights are added. Maybe you can run some tests by manually trying to import the media. That would also allow you to generate debugs very easyly if needed. But again, I would concentrate on the user that is used for the import and check the rights of the group it belongs to.

  • 0 in reply to   

    We have checked and verified that the user which we are using for replication is present in the Data Protector Admins group and also, We have added the User of DC Cell Manager in DR &DR Cell Manager in DC since it is present as foreign cell manager in each environment. But, the users of DC Cell Manager that added in the DR side is not reflecting in the file "RBAC_UserList" whereas Users that are added before enabling RBAC is only listed in that file (All the Users that added are getting listed in the GUI). 

  • 0   in reply to   

    That sounds OK. Those text files are actually just showing what has been migrated into RBAC, but as far as I know they are not used anymore afterwards. And indeed, the files are not updated with newly created users in RBAC.

    OK, I assume you have a case open with support on this? Did you provide any debugs?