Error message when PS user tries to change either password or expired password
When user tries to change the expired password an error message appears as, "Not Authorized" error or "First operand of . is Null"... error.
As a result, a PeopleSoft user cannot change their password using the Change Password link or after it has expired. Error message would be first operand of . is null so cannot access member userid at expire_change_pswd.gbl.saveprechange.
On examining the peoplecode, we could see all the necessary objects are properly initialized and would wonder why this error message would occur. To find out the solution, in terms of PeopleSoft security, we need to know more on how changing the password and changing the expire password works in PeopleSoft.
PSWDEXPR Permission List:
The expired password page is controlled by the PSWDEXPR permission list. The reason for this error could be because the delivered PSWDEXPR permission list could have got either modified or deleted or something related to it in the Portal structure and content got modified. PeopleSoft delivers this default permission list and it should not be deleted or modified.
This permission list cannot be modified in PeopleTools 8.1x. The reason this cannot be done is because this functionality is hardcoded for the PSWDEXPR permission list and will not allow a redirection unless the customizations made were named the same and replaced in the existing component. Or the actual USER_SELF_SERVICE page may be customized if needed. This functionality has all been changed in PeopleTools 8.4. So, any modifications made to PSWDEXPR permission list could cause this error.
What PSWDEXPR permission list does?
This permission list is used in the code to allow users to change this passwords but not have any other access until this is done. When a password expires for a user, the system automatically removes all of the user's roles and permission lists and temporarily assigns them the permission list PSWDEXPR only. A user whose password has expired can only access items in the PSWDEXPR permission list until the user changes the password, the user is restricted solely to the PSWDEXPR permission list.
This permission list is used in the code to allow users to change this passwords but not have any other access until this is done. When a password expires for a user, the system automatically removes all of the user's roles and permission lists and temporarily assigns them the permission list PSWDEXPR only. A user whose password has expired can only access items in the PSWDEXPR permission list until the user changes the password, the user is restricted solely to the PSWDEXPR permission list.
Solution:
To resolve this issue, PSWDEXPR permission list should be restored back from other environments where it is untouched or from demo environment.
After creating the PSWDEXPR permission list then, on PeopleTools 8.4x the portal registry should be checked for:
- Navigate to PeopleTools > Portal > Structure and Content. Then click the Portal Objects link and then Templates and edit the Expired Password Template. On the security tab make sure the PSWDEXPR permission list is there. If not add it.
- Navigate back to the root of the portal structure and content and look under the Tools - Hidden link. Edit the Change Expired Password and look at the security tab to see that the PSWDEXPR permission list is there.
- Also on the General tab try hit the Test Content Reference link and check if the resulting page takes to required page.
- Also see, if this page shows the portal navigation too then the "no template" checkbox must be checked. This is required to get this to work correctly, as the code is trying to load the page in a "psc" format and not "psp”
- Bounce the web server, clear local cache and test.
If the user still could not change the password, please check if the user has access to the component interface USERMAINT_SELF which is associated with My profile component enabling the current user to access the page. Sometimes what could happen is even when modifying the permission list PSWDEXPR, still the page could error out. So it is better to check out if the user trying to change the expired password has access to the CI – USERMAINT_SELF. After adding full access to this CI to any permission list, and adding that permission list to a role which is assigned to the user, the user will now be able to change their password. Read my post on How to find which users have permission and do not have access to a PeopleSoft Component Interface?
For more details about this CI look at PeopleBooks:
Security > Completing Other Security Administration Tasks > Understanding Security Integration Programs > Component Interfaces > USERMAINT_SELF.
Or alternatively one could search for ‘Component Interfaces’ in Peoplebooks to retrieve the list of the Component Interfaces used in PeopleTools security.
Or alternatively one could search for ‘Component Interfaces’ in Peoplebooks to retrieve the list of the Component Interfaces used in PeopleTools security.
No comments
Please refrain for marketing messages and unnecessary back links.