Description
This article describes the error observed when trying to edit or delete a credential on the FortiSIEM.
Solution
By default, FortiSIEM does not allow to edit or delete a credential created by another admin user.
In case there is no access possible to the original admin account that is used to create the credential, or if the admin account has been deleted, apply the following workaround:1) SSH into the super
2) Enter the PSQL database
[root@fsm02 ~]# psql -U phoenix -d phoenixdb
3) Enter the following command to retrieve the table information:#phoenixdb=> select id, owner_id, name from ph_device_access;4) Locate the credential to edit or delete (In this case: Azure)
id | owner_id | name
---------+----------+------------
1173700 | 500151 | SIEM
1173701 | 500151 | SSH
1173702 | 500151 | Azure
1305101 | 500151 | Jim
1305102 | 1305968 | Jimmy
1402400 | 1352950 | LDAPOU
1305100 | 1352950 | LDAP
1453800 | 1352950 | 10.47.1.75
5) Execute the following command to update the owner_id to an id of an admin account that is currently accessible:#phoenixdb=> update ph_device_access set owner_id='<your id>' where id='<id of the credential>';6) Verify that the owner_id information is being updated:
phoenixdb=> update ph_device_access set owner_id=1352950 where id=1173702;
UPDATE 1
phoenixdb=> select id, owner_id, name from ph_device_access;7) Now verify that the credential can be deleted or edited:
id | owner_id | name
---------+----------+------------
1173700 | 500151 | SIEM
1173701 | 500151 | SSH
1305101 | 500151 | Jim
1305102 | 1305968 | Jimmy
1402400 | 1352950 | LDAPOU
1305100 | 1352950 | LDAP
1453800 | 1352950 | 10.47.1.75
1173702 | 1352950 | Azure
Alternatively, the owner_id can be set to 0, but do take note that setting the owner_id to 0 allows any admin users to edit or delete the credential.
