Error: You are not authorized to run the job XXXXX
One of the most important part of PeopleSoft applcation is to run processes/reports to address the business requirements. All the jobs and processes are run on Process Scheduler but not every PeopleSoft user has access to run the processes. It is governed by the role of the user and security associated with the process/job.
User who needs to run the job should have access to associated component and the required authority to run the process. If you’re getting error “You are not authorized to run the job JOBNAME“, when trying to submit a job then follow the steps mentioned in this post. User may get this error when trying to submit the job/process. As the error suggest, it’s related to user security and process security.
Authorization to run a job/process is defined as process group in the Job/process definition. Process groups are nothing but the permission lists. Any user who wants to run the job/process should have that permission list added to one of his/her role. Below few queries will help you understand the process group security.
QUERY 1: TO FIND THE PROCESS GROUP (PRCSGRP) ASSOCIATED WITH JOB (PRCSJOBNAME)
SELECT B.PRCSJOBNAME,
B.PRCSGRP,
A.CLASSID AS PERMISSIONLIST
FROM PSCLASSDEFN A,
PS_PRCSJOBGRP B
WHERE A.CLASSID IN
(SELECT DISTINCT CLASSID
FROM PSAUTHPRCS
WHERE PRCSGRP IN
(SELECT PRCSGRP FROM PS_PRCSJOBGRP WHERE PRCSJOBNAME=‘JOB_NAME‘
)
)
AND B.PRCSJOBNAME=’JOB_NAME‘;
QUERY 2 TO FIND THE ROLES THAT HAVE ACCESS TO RUN THE JOB
SELECT DISTINCT ROLENAME
FROM PSROLECLASS
WHERE CLASSID IN
(SELECT DISTINCT CLASSID
FROM PSAUTHPRCS
WHERE PRCSGRP IN
(SELECT PRCSGRP FROM PS_PRCSJOBGRP WHERE PRCSJOBNAME=‘JOB_NAME‘
)
);
QUERY 3 TO CHECK IF USER HAS ANY OF THE ROLES THAT HAVE ACCESS TO RUN THE JOB
SELECT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER=‘OPRID’
AND ROLENAME IN
(SELECT DISTINCT ROLENAME
FROM PSROLECLASS
WHERE CLASSID IN
(SELECT DISTINCT CLASSID
FROM PSAUTHPRCS
WHERE PRCSGRP IN
(SELECT PRCSGRP FROM PS_PRCSJOBGRP WHERE PRCSJOBNAME=‘JOB_NAME‘
)
)
);
If query 3 doesn’t return any rows then it’s confirmed that user doesn’t have required access. To resolve this, you would need to assign a role to the user which has access to permission list defined on the job/process defnition page or add the process group (permission list to which user has access). To check the process groups associated with a job navigate to PeopleTools > Process Scheduler > Jobs.
After you’re done updating job definition to add proper access, make sure to follow the same for the processes that are part of the job, otherwise your job will fail due to the authorization error for the related processes.
QUERY 4 – GET THE PROCESS NAME THAT IS PART OF THE MAIN JOB
SELECT PRCSNAME FROM PS_PRCSJOBITEM WHERE PRCSJOBNAME=‘JOB_NAME’;
QUERY 5 – CHECK IF USER HAS AUTHORITY TO RUN THE PROCESS THAT IS PART OF THE JOB
RUN THE QUERY FOR EACH VALUE RETURNED IN QUERY 4
IF QUERY 5 RETURNS NO ROWS THEN JOB WILL FAIL DUE TO MISSING AUTHORITY FOR THE PROCESS
SELECT ROLENAME
FROM PSROLEUSER
WHERE ROLEUSER=‘OPRID’
AND ROLENAME IN
(SELECT DISTINCT ROLENAME
FROM PSROLECLASS
WHERE CLASSID IN
(SELECT DISTINCT CLASSID
FROM PSAUTHPRCS
WHERE PRCSGRP IN
(SELECT PRCSGRP FROM PS_PRCSDEFNGRP WHERE PRCSNAME= ‘PRCS_NAME’
)
)
);
Once you found out the processes that have missing process group security attached to it, you can update the related process definition by navigation to PeopleTools > Process Scheduler > Processes.