Pivotal Knowledge Base

Follow

Cannot add user to cloud_controller.global_auditor group

Environment

Pivotal Cloud Foundry® (PCF) 1.10.x

Symptom

If you follow https://docs.pivotal.io/pivotalcf/1-10/adminguide/uaa-user-management.html#global-auditor to create a Global Auditor account that has read-only access, step 1, 2 and 3 can succeed, while step 4 failed to add the new user as a member of the cloud_controller.global_auditor group.  

$ uaac target uaa.sample.system.io --skip-ssl-validation
Target: https://uaa.sample.system.io
Context: admin, from client admin

$ uaac token client get admin -s <UAA Admin Client Credential>
Successfully fetched token via client credentials grant.
Target: https://uaa.sample.system.io
Context: admin, from client admin

$ uaac user add Alice -p
SecretPassword --emails alice@example.com
user account successfully added

$ uaac member add cloud_controller.global_auditor Alice
CF::UAA::NotFound: CF::UAA::NotFound

Cause

The cloud_controller.global_auditor doesn't exist by default. 

Resolution

Create the group manually, and then add the user to the group again. 

$ uaac group add cloud_controller.global_auditor

 

Comments

Powered by Zendesk