Security Violation – Using Environment Utilities in IPA

Many times, you will have a need to run environment utilities (such as importdb) using a system command node, or a batch job such as IMDBB.  If you are getting security violations when you attempt to use these tools, you will need to elevate the Lawson Security privileges of the user running IPA.  The reason for this is that the system user running the IPA service is who actually is running those system commands.  Windows took away the ability to do a “run as”, so there is no way to bypass that user.

If you don’t know which user is running IPA, you can find out by executing a “whoami” command in a system command node on your IPA server.

Next you need to find this user in Lawson Security so you can elevate his privileges.  Open up Lawson Security and go to Manage Identities.  Search for the service account that you discovered in your “whoami” command.

Make not of the RMID and use that to search for the user under User Management.  Set that user’s “CheckLS” to “YES” and give him the roles required to allow access to the necessary environment utilities.