An error indicating that the server could not remove a user is received when trying to remove a user (NETIQKB18307)

  • 7718307
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

symptom
An error indicating that the server could not remove a user is received when trying to remove a user from a group.

symptom
Error: 'The Administration server could not remove the user1 member: The client does not have any more powers over the object' .

cause
This issue is by design and is due to how the ActiveView is configured. The above error will appear when an Assistant Admin is trying to remove a user from a group and the ActiveView does not have a rule to include the user if the user is allowed to be removed from the group.

fix

This issue is best illustrated with an example. 

In the example below we have a user called UserX that belongs to a group called Sales. The ActiveView is defined with the following rule and power.

  • Include group Sales and members who are Users.
  • With the power:  Remove a member - Modify Group membership.

With the ActiveView above, if the Assistant Admin is able to remove 'UserX' from the 'Sales' group,  the object would no longer be included in any other rule under that ActiveView and would not be a managed object. 

To resolve this, create a rule to include this object after it is removed from the group like 'Include All users in DomainX'.



Additional Information

Formerly known as NETIQKB18307