Hello Cornelius,
Could you please provide a few steps for troubleshooting “Admin actions are
defined, but this action is not allowed!” issues?
For example, when I logged in into admin scope and admin realm which I had
previously defined, I’m getting this message when trying to add a new
policy for webui scope:"Admin actions are defined, but this action is not
allowed!"
I also have the whole set of options available in my admin realm enabled:
{ “set”: true, “revoke”: true, “adduser”: true, “enrollSMS”: true,
“policydelete”: true, “policywrite”: true, “enrollTIQR”: true,
“configdelete”: true, “machinelist”: true, “enrollREMOTE”: true, “setpin”:
true, “resync”: true, “unassign”: true, “tokenrealms”: true, “enrollSPASS”:
true, “auditlog”: true, “enrollPAPER”: true, “deleteuser”: true,
“enrollEMAIL”: true, “resolverdelete”: true, “enrollMOTP”: true, “enrollPW”:
true, “enrollHOTP”: true, “enrollQUESTION”: true, “enrollCERTIFICATE”: true,
“copytokenuser”: true, “configwrite”: true, “enrollTOTP”: true,
“enrollREGISTRATION”: true, “enrollYUBICO”: true, “resolverwrite”: true,
“updateuser”: true, “enable”: true, “enrollU2F”: true,
“manage_machine_tokens”: true, “getrandom”: true, “userlist”: true,
“getserial”: true, “system_documentation”: true, “caconnectordelete”: true,
“caconnectorwrite”: true, “disable”: true, “mresolverdelete”: true,
“copytokenpin”: true, “enrollRADIUS”: true, “set_hsm_password”: true,
“reset”: true, “getchallenges”: true, “enroll4EYES”: true, “enrollYUBIKEY”:
true, “fetch_authentication_items”: true, “enrollDAPLUG”: true,
“mresolverwrite”: true, “losttoken”: true, “enrollSSHKEY”: true,
“importtokens”: true, “assign”: true, “delete”: true }
But still getting this reject.
I tried to watch on logs while doing this and there’s nothing in
privacyidea.log file in the moment of this message appearance with
PI_LOGLEVEL = logging.DEBUG
in pi.cfg