When using an email endpoint in LiveCycle ES2 on WebSphere, you may see the following error in the server log each time the email endpoint is invoked or scans for new emails:
00000020 RoleBasedAuth A SECJ0305I: The role-based authorization check failed for naming-authz operation NameServer:bind_java_object. The user UNAUTHENTICATED (unique ID: UNAUTHENTICATED) was not granted any of the following required roles: CosNamingWrite, CosNamingDelete, CosNamingCreate.
00000020 EmailReaderIm E com.adobe.idp.dsc.provider.service.email.impl.EmailReaderImpl getEmailSourceLock NO_PERMISSION exception caught
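WebSphere logs this error repeatedly because the CORBA naming service groups are missing permissions. As the message shows, the naming operation NameServer:bind_java_object is denied because the caller was not granted any of the CosNamingWrite, CosNamingDelete or CosNamingCreate roles.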
Here is the configuration with the missing privileges:
By making a small change in the WAS admin console you can resolve these errors. You need to add the privileges for “Cos Naming Write”, “Cos Naming Delete” and “Cos Naming Create” to the CORBA naming service groups.
1. Open the WebSphere administration console.
2. Go to Environment > Naming > CORBA Naming service groups.
3. Add the following privileges: “Cos Naming Write”, “Cos Naming Delete” and “Cos Naming Create”.
4. Restart the WebSphere application server for the changes to take effect.
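To confirm after the restart that the denials have stopped, the following added example (not part of the original article, LiveCycle or WebSphere) scans server log lines for SECJ0305I and counts failures per operation, user and required roles. The sample lines, including their timestamps, are constructed from the excerpt above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the SECJ0305I message text shown in the excerpt above. The pattern is
# unanchored, so any timestamp/thread prefix in front of the message is ignored.
SECJ0305I = re.compile(
    r"SECJ0305I: The role-based authorization check failed for "
    r"(?P<kind>\S+) operation (?P<operation>\S+?)\. "
    r"The user (?P<user>.+?) \(unique ID: (?P<uid>.+?)\) was not granted "
    r"any of the following required roles: (?P<roles>[\w, ]+)"
)

# Constructed sample input (timestamps are made up for illustration).
SAMPLE_LOG = [
    "[3/15/11 10:02:11:123 EST] 00000020 RoleBasedAuth A SECJ0305I: The role-based "
    "authorization check failed for naming-authz operation NameServer:bind_java_object. "
    "The user UNAUTHENTICATED (unique ID: UNAUTHENTICATED) was not granted any of the "
    "following required roles: CosNamingWrite, CosNamingDelete, CosNamingCreate.",
    "[3/15/11 10:02:11:130 EST] 00000020 EmailReaderIm E com.adobe.idp.dsc.provider."
    "service.email.impl.EmailReaderImpl getEmailSourceLock NO_PERMISSION exception caught",
    "[3/15/11 10:03:11:127 EST] 00000020 RoleBasedAuth A SECJ0305I: The role-based "
    "authorization check failed for naming-authz operation NameServer:bind_java_object. "
    "The user UNAUTHENTICATED (unique ID: UNAUTHENTICATED) was not granted any of the "
    "following required roles: CosNamingWrite, CosNamingDelete, CosNamingCreate.",
]

def parse_denials(lines):
    """Yield one dict per SECJ0305I authorization failure found in lines."""
    for line in lines:
        m = SECJ0305I.search(line)
        if not m:
            continue  # unrelated log line
        roles = tuple(r.strip() for r in m.group("roles").split(",") if r.strip())
        yield {"kind": m.group("kind"), "operation": m.group("operation"),
               "user": m.group("user"), "roles": roles}

def summarize(lines):
    """Count denials per (operation, user, required roles)."""
    return Counter((d["operation"], d["user"], d["roles"])
                   for d in parse_denials(lines))

if __name__ == "__main__":
    for (operation, user, roles), count in summarize(SAMPLE_LOG).items():
        print(f"{count}x {operation} denied for {user}; needs one of: {', '.join(roles)}")
```

Run it over the log written after the restart; an empty summary means the naming authorization failures are no longer being logged.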
Here is the correct configuration: