Description
If any user is a part of the “root” group in Enterprise Manager this grants that specific user special admin privileges regardless of what type of user OR user role that they are in.
In example..
If a user is tied to a user role where they cant seen specific cameras on a server but also belong to the root group, they will still be able to see those cameras.
Product
ExacqVision Enterprise Manager
Any Exacq brand NVR
If the DigiCert Trusted Root G4 Certificate is missing, exacqVision Software updates downloaded from exacq.com or initiated within exacqVision Client, will report a signature error.
For Instructions on exacqVision Enterprise Manager version 22.03 or older see Knowledge Base Article #12724
For a trusted certificate, it is recommended that you purchase a third-party intermediate certificate from one of many online providers. If you are using a third-party certificate you may skip ahead to the section titled, “Obtaining a Third-Party Certificate”.
These steps will detail how to create a self-signed certificate, but be aware that web browsers will warn users that the certificate is untrusted if you are using a self-signed certificate or one from a private/internal certificate authority.
1) Click on the Windows Start button and type ‘CMD’. Right-click on the CMD icon and choose ‘Run as Administrator’.
2) Set the environmental variable that will be used by OpenSSL later by typing:
set OPENSSL_CONF=C:\Program Files\exacqVision\EnterpriseManager\apache\conf\openssl.cnf
Press Enter.
3) Change your working directory by typing:
cd "C:\Program Files\exacqVision\EnterpriseManager\apache\bin\"
Press Enter.
4) Create a certificate request by typing:
openssl req -new -out %USERPROFILE%\Desktop\server.csr
Press Enter.
You will be prompted to enter a PEM pass phrase. Enter anything you like but you will need to re-enter this in the following steps.
PEM pass phrase:
5) You will be prompted with several questions for the certificate, answer these according to your needs. COMMON NAME should be the IP address or FQDN that users will access to reach the ESM web site (ex. www.domain.com or esmserver.domain.com).
6) Remove the pass phrase by typing:
openssl rsa -in privkey.pem -out %USERPROFILE%\Desktop\server.key
Press Enter.
You will be prompted to enter the pass phrase you created in step 4. Enter this pass phrase and press Enter.
7) Set the expiration date for the certificate by typing:
openssl x509 -in %USERPROFILE%\Desktop\server.csr -out %USERPROFILE%\Desktop\server.crt -req -signkey %USERPROFILE%\Desktop\server.key -days 365
Press Enter.
8) Copy the resulting files from your Desktop to the cd "C:\Program Files\exacqVision\EnterpriseManager\apache\conf\" directory.
These instructions were tested with exacqVision Enterprise Manager 20.09 running on Ubuntu 18.04
Step 1 Create self-signed Cert and Key files
cd /usr/local/exacq/esm/apache/conf/sudo openssl req -new -x509 -sha256 -days 365 -nodes -out server.crt -keyout server.keyYou will be prompted with a series of questions.
– Use data specific to your site.
– Items can be left blank with the exception of Common Name
– Common Name (e.g. server FQDN or YOUR name) should be the IP address of EM Server
Step 2 Validate the Cert and Key files
sudo openssl x509 -noout -modulus -in /usr/local/exacq/esm/apache/conf/server.crt | openssl md5sudo openssl rsa -noout -modulus -in /usr/local/exacq/esm/apache/conf/server.key | openssl md5Verify the md5 hashes match, if they DO NOT then see the troubleshooting section below before proceeding.
Step 3 Edit Apache Configuration
cd /usr/local/exacq/esm/apache/conf/extrasudo gedit httpd-ssl.confMake the following changes, save the file and then close gedit.
Step 4 Restart the enterprise-webservice
sudo service enterprise-webservice stopsudo service enterprise-webservice start<br>
If you are planning to acquire a third-party certificate from a trusted provider, you may need to provide them with a Certificate Signing Request (CSR) file.
You may use our tool at the following URL to generate a CSR file. https://exacq.com/support/gencsr/
Enter all the fields click on the ‘Submit’ button to download the ZIP file. Inside this ZIP file is the CSR file and RSA key to give to your certificate provider.
If you purchased a chained certificate, be sure to download the appropriate intermediate bundle.
Once you have downloaded the files from your provider:
Place the renamed files from your Certificate Authority (CA) into the following directory:
When purchasing an SSL certificate, many providers offer an Intermediate Bundle, or additional certificates that must be present to link your certificate to a root certification authority. Usually the provider will have documentation on how to accomplish this with Apache, but it is a good idea to ask them before or during the purchasing process. Exacq is not responsible for making your certificates capable of working with Apache.
It is possible to combine all the intermediate certificates that a provider may give you into one file. Consult your provider for more information.
<br>
Be sure that you have followed the steps above to place the certificate files necessary for either a third-party certificate or a self-signed certificate into the correct directory before continuing with the following steps.
1) Click on the Windows Start menu and find the Windows Notepad program. Right-click on this and choose to ‘Run as Administrator’. If you do not run Notepad as an administrator you will be unable to save your changes.
2) With Notepad open, click on the ‘File’ menu and choose ‘Open’ or press CTRL-O on the keyboard.
In the Open browser, change the drop-down menu for File Type from ‘Text Documents (*.txt)’ to ‘All Files (*.*)’.
Use the Open browser to open the C:\Program Files\exacqVision\EnterpriseManager\apache\conf directory and highlight the file titled ‘httpd.conf’ then click ‘Open’.
3) Find the following line:
LoadModule ssl_module modules/mod_ssl.so
Remove any pound (#) sign in front of this line if there is one.
Now, find the following line:
Include conf/extra/httpd-ssl.conf
Remove any pound (#) sign in front of this line if there is one.
Save the file.
4) Still using Notepad, open the file titled ‘httpd-ssl.conf’ located in C:\Program Files\exacqVision\EnterpriseManager\apache\conf\extra
Find the following line:
ServerName www.example.com:443
Change the ‘www.example.com’ portion of this line to ‘localhost’.
Save the file and close the window.
5) Restart the solrApache or exacqVision Enterprise Manager Apache in Windows services (services.msc).
1) Open a Terminal prompt.
2) Change your working directory by typing:
cd /usr/local/exacq/esm/apache/conf
Press Enter.
3) You may use any editor you feel comfortable with, such as vi or nano, but if your are more inclined to using a graphical interface you may use a program called ‘gedit’ to make the following changes.
In the Terminal, type:
sudo gedit httpd.conf
Press Enter.
4) Find the following line:
LoadModule ssl_module modules/mod_ssl.so
Remove any pound (#) sign in front of the line if there is one.
Now, find the following line:
Include conf/extra/httpd-ssl.conf
Remove any pound (#) sign in front of the line if there is one.
Save the file and close the ‘gedit’ editor window to return to the Terminal prompt.
5) In the Terminal, type:
sudo gedit extra/httpd-ssl.conf
Press Enter.
Find the following line:
ServerName www.example.com:443
Change the ‘www.example.com’ portion of this line to ‘localhost’.
Save the file and close the window to return to the Terminal prompt.
6) Restart the service in the Terminal by typing:
sudo service ESMWebservice restart
<br>
If you want to force users who try to access the site on port 80, using HTTP, to use the secure HTTPS connection you will need to enable a redirection.
1) Click on the Windows Start menu and find the Windows Notepad program. Right-click on this and choose to ‘Run as Administrator’. If you do not run Notepad as an administrator you will be unable to save your changes.
2) With Notepad open, click on the ‘File’ menu and choose ‘Open’ or press CTRL-O on the keyboard.
In the Open browser, change the drop-down menu for File Type from ‘Text Documents (*.txt)’ to ‘All Files (*.*)’.
Use the Open browser to open the C:\Program Files\exacqVision\EnterpriseManager\apache\conf directory and highlight the file titled ‘httpd.conf’ then click ‘Open’.
3) Find the following lines:
#RewriteCond %{SERVER PORT} !^443$
#RewriteRule ^/(.*) https://{HTTP_HOST}/$1 [NC,R=301,L]
Remove the pound (#) signs in front of these two lines.
Save the file.
4)Â Restart the solrApache or exacqVision Enterprise Manager Apache service in Windows services (services.msc).
1) You may use any editor you feel comfortable with, such as vi or nano, but if your are more inclined to using a graphical interface you may use a program called ‘gedit’ to make the following changes.
In the Terminal, type:
sudo gedit /usr/local/exacq/esm/apache/conf/httpd.conf
Press Enter.
2) Find the following lines:
#RewriteCond %{SERVER PORT} !^443$
#RewriteRule ^/(.*) https://{HTTP_HOST}/$1 [NC,R=301,L]
Remove the pound (#) signs in front of these two lines.
Save the file and close the ‘gedit’ window to return to the Terminal prompt.
3) Restart the service in Terminal by typing:
sudo service ESMWebservice restart
orsudo service enterprise-webservice restart
<br>
1) Some versions of Internet Explorer do not easily work with services running locally or may display pages incorrectly. If this happens, try clearing the browser’s cache by pressing CTRL-F5 on the keyboard. If the problem is persistent try installing another web browser, such as Chrome.
2) If the solrApache service fails to start after configuring it for SSL:
a) Open the Apache error logs
b) Look for an entry like the following:
[Wed Mar 04 09:08:54.512004 2017] [ssl:emerg] [pid 19116] AH02565: Certificate and private key www.example.com:443:0 from server.crt and server.key do not match AH00016: Configuration Failed
c) If you see this log entry, complete the following steps:
1) Change your working directory to the location of openssl.exe
2) Run the following commands:
openssl x509 -noout -modulus -in ../conf/server.crt | openssl md5
Press Enter.
openssl rsa -noout -modulus -in ../conf/server.key | openssl md5
Press Enter.
openssl req -noout -modulus -in ../conf/server.csr | openssl md5
Press Enter.
3) Compare the resulting values output after running each of the preceding commands. Each resulting string should be identical. If the values do not match, confer with the certificate authority that issued the certificate.
*There appears to have been a slight bug in the presentation recording where the video recording did not capture the videos being played on the screen. The links below will provide access to the PowerPoint file and individual demonstration videos.
Bug Fix – Removed limit of 256 devices displayed for Access Control plugins, only visible when using Access Control with Associations or Maps
Bug Fix – Fixed issue with Illustra3 and Illustramultipi that could cause cameras to be stuck in a Connecting state after reboot
Bug Fix – Fixed issue where Edgestor was not backfilling data from Illustra3pi cameras due to Edgestor crash, leaving gaps on server recordings
Bug Fix – Fixed quality setting for Illustramultipi
Bug Fix – Fixed issue with trigger inputs/alarm outputs for Illustramultipi
Bug Fix – Added retry logic on API errors for napcopi, Napco uses IIS which has a recycle time that caused authentication to fail, fix adds retry logic if error received
Bug Fix – Fixed issue causing credentials for RTSP Server not to be updated properly
Bug Fix – Corrected issue where Date/Time page was greyed out on Win7 machines
Bug Fix – Fixed issue where Dynacolor devices may repeatedly reset after user presses Reset button on PoE port in Client.
Bug Fix – Fixed viewing Live Analytics for Flex3 cameras
Bug Fix – Fixed issue where closing video stream did not close metadata stream from Illustra3pi
Bug Fix – Fixed propagating motion alarms on disabled context streams on Illustra3pi
Bug Fix – Fixed setting transport and re-reading URL for continuous metadata from Illustra3pi
Bug Fix – For Illustra3pi and Illustramultipi, use friendly name for analytics that provide bounding box
Enhancement – Added motion support for March Network cameras using Onvif
Enhancement – Support for Redvision RVX2 added to Onvif plugin
Enhancement – Support for Sunell with transport RTSP added for Onvif
Enhancement – Improvements made for Last Motion event on context streams
Enhancement – Adjustments made to parsing Audio Output name for Illustramultipi
Enhancement – Removed eDVR and XDVAPI license handling
Enhancement – §Homogenized analytic values for Axis, Samsung/Hanwha, Tycodlpi; Presents “Person” instead of “Human”, “Bicycle” instead of “Bike”
Enhancement – Added support for Axis’ new metadata style used in their 11.0 firmware
Feature – Added support for vehicle and clothing color provided by Illustra3pi and Illustramultipi cameras
Bug Fix – Reset search item flags when sending new search requests, fixes issue when Search stops working if server connection lost mid-search
Bug Fix – Don’t send scrub request if waiting for summary response
Bug Fix – Prevent potential crash on Association config page if a camera with associations was deleted
Bug Fix – Initialize Digital PTZ settings to Client settings when plugin does not send them, related to changes made for body worn cameras
Bug Fix – Prevent toast messages for streaming BWCs on system disconnect
Bug Fix – Reset camera connection status on system disconnect
Bug Fix – Disabled BWC audio devices on Audio configuration page
Bug Fix – Prevent security integration sources from being displayed twice in bookmark editing tree
Bug Fix – Fixed potential crash when adding new IP serial port and config update occurs
Bug Fix – Prevent client crash with double-clicking on grid divider in List View
Bug Fix – Prevent client crash on OSX when clicking calendar controls
Bug Fix – Fixed issue with export failure if config page options in settings file
Enhancement – Prevent some analytic search filters that didn’t make sense, non-sensical combinations of operator logic
Enhancement – Don’t request event data in response to Show Conditions panel, caused Search to stop working when connection to Server was lost mid-search
Enhancement – Display analytic colors above bounding boxes
Bug Fix – Added libreadline8 dependency for the Ubuntu 22.04 installer
Bug Fix – Fix made to data races related to search and discovery
Bug Fix – Update search session keep alive when search frame is retrieved
Enhancement – Add search only status to cameras and audio streams
Bug Fix – Fixed issue where Number of Servers Connected displayed in menu bar was incorrect
Bug Fix – Disable Autocorrect for Add Server page
Bug Fix – Removed Delete icon from Focus View mode
Bug Fix – Accidental scrub bar touches open Focus View
Bug Fix – Fixed issue with truncated camera pagination
Bug Fix – Fixed issue where rotating to landscape display and back made bottom row OSDs disappear
Bug Fix – Fixed issue where software was crashing when searching using server time
Bug Fix – Corrected issue where Views on iOS were not loading video
Bug Fix – Case sensitive issue on Add Server page, client did not handle adding system with capital letters in address
Bug Fix – Mobile app Login button not responding to EM sync login
Enhancement – Hide Search Only cameras from Live
Feature – Remove the data usage prompts and data collection, temp removal for launch due to requirements by Apple
Bug Fix – Fixed showing deleted servers in the search results
Bug Fix – Fixed server configs from being checked for failover or updates
IMPORTANT For Instructions on current versions of exacqVision Enterprise Manager versions 22.06 or higher see Knowledge Base Article #12804
For a trusted certificate, it is recommended that you purchase a third-party intermediate certificate from one of many online providers. If you are using a third-party certificate you may skip ahead to the section titled, “Obtaining a Third-Party Certificate”.
These steps will detail how to create a self-signed certificate, but be aware that web browsers will warn users that the certificate is untrusted if you are using a self-signed certificate or one from a private/internal certificate authority.
1) Click on the Windows Start button and type ‘CMD’. Right-click on the CMD icon and choose ‘Run as Administrator’.
2) Set the environmental variable that will be used by OpenSSL later by typing:
set OPENSSL_CONF=C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\conf\openssl.cnf
Press Enter.
3) Change your working directory by typing:
cd "C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\bin"
Press Enter.
4) Create a certificate request by typing:
openssl req -new -out %USERPROFILE%\Desktop\server.csr
Press Enter.
You will be prompted to enter a PEM pass phrase. Enter anything you like but you will need to re-enter this in the following steps.
PEM pass phrase:
5) You will be prompted with several questions for the certificate, answer these according to your needs. COMMON NAME should be the IP address or FQDN that users will access to reach the ESM web site (ex. www.domain.com or esmserver.domain.com).
6) Remove the pass phrase by typing:
openssl rsa -in privkey.pem -out %USERPROFILE%\Desktop\server.key
Press Enter.
You will be prompted to enter the pass phrase you created in step 4. Enter this pass phrase and press Enter.
7) Set the expiration date for the certificate by typing:
openssl x509 -in %USERPROFILE%\Desktop\server.csr -out %USERPROFILE%\Desktop\server.crt -req -signkey %USERPROFILE%\Desktop\server.key -days 365
Press Enter.
8) Copy the resulting files from your Desktop to the C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\conf\ directory.
These instructions were tested with exacqVision Enterprise Manager 20.09 running on Ubuntu 18.04
Step 1 Create self-signed Cert and Key files
cd /usr/local/exacq/esm/apache_solr/apache2/conf/sudo openssl req -new -x509 -sha256 -days 365 -nodes -out server.crt -keyout server.keyYou will be prompted with a series of questions.
– Use data specific to your site.
– Items can be left blank with the exception of Common Name
– Common Name (e.g. server FQDN or YOUR name) should be the IP address of EM Server
Step 2 Validate the Cert and Key files
sudo openssl x509 -noout -modulus -in /usr/local/exacq/esm/apache_solr/apache2/conf/server.crt | openssl md5sudo openssl rsa -noout -modulus -in /usr/local/exacq/esm/apache_solr/apache2/conf/server.key | openssl md5Verify the md5 hashes match, if they DO NOT then see the troubleshooting section below before proceeding.
Step 3 Edit Apache Configuration
cd /usr/local/exacq/esm/apache_solr/apache2/conf/extrasudo gedit httpd-ssl.confMake the following changes, save the file and then close gedit.
Step 4 Restart the enterprise-webservice
sudo service enterprise-webservice stopsudo service enterprise-webservice start<br>
If you are planning to acquire a third-party certificate from a trusted provider, you may need to provide them with a Certificate Signing Request (CSR) file.
You may use our tool at the following URL to generate a CSR file. https://exacq.com/support/gencsr/
Enter all the fields click on the ‘Submit’ button to download the ZIP file. Inside this ZIP file is the CSR file and RSA key to give to your certificate provider.
If you purchased a chained certificate, be sure to download the appropriate intermediate bundle.
Once you have downloaded the files from your provider:
Place the renamed files from your Certificate Authority (CA) into the following directory:
When purchasing an SSL certificate, many providers offer an Intermediate Bundle, or additional certificates that must be present to link your certificate to a root certification authority. Usually the provider will have documentation on how to accomplish this with Apache, but it is a good idea to ask them before or during the purchasing process. Exacq is not responsible for making your certificates capable of working with Apache.
It is possible to combine all the intermediate certificates that a provider may give you into one file. Consult your provider for more information.
<br>
Be sure that you have followed the steps above to place the certificate files necessary for either a third-party certificate or a self-signed certificate into the correct directory before continuing with the following steps.
1) Click on the Windows Start menu and find the Windows Notepad program. Right-click on this and choose to ‘Run as Administrator’. If you do not run Notepad as an administrator you will be unable to save your changes.
2) With Notepad open, click on the ‘File’ menu and choose ‘Open’ or press CTRL-O on the keyboard.
In the Open browser, change the drop-down menu for File Type from ‘Text Documents (*.txt)’ to ‘All Files (*.*)’.
Use the Open browser to open the C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\conf directory and highlight the file titled ‘httpd.conf’ then click ‘Open’.
3) Find the following line:
LoadModule ssl_module modules/mod_ssl.so
Remove any pound (#) sign in front of this line if there is one.
Now, find the following line:
Include conf/extra/httpd-ssl.conf
Remove any pound (#) sign in front of this line if there is one.
Save the file.
4) Still using Notepad, open the file titled ‘httpd-ssl.conf’ located in C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\conf\extra
Find the following line:
ServerName www.example.com:443
Change the ‘www.example.com’ portion of this line to ‘localhost’.
Save the file and close the window.
5) Restart the solrApache service in Windows services (services.msc).
1) Open a Terminal prompt.
2) Change your working directory by typing:
cd /usr/local/exacq/esm/apache_solr/apache2/conf
Press Enter.
3) You may use any editor you feel comfortable with, such as vi or nano, but if your are more inclined to using a graphical interface you may use a program called ‘gedit’ to make the following changes.
In the Terminal, type:
sudo gedit httpd.conf
Press Enter.
4) Find the following line:
LoadModule ssl_module modules/mod_ssl.so
Remove any pound (#) sign in front of the line if there is one.
Now, find the following line:
Include conf/extra/httpd-ssl.conf
Remove any pound (#) sign in front of the line if there is one.
Save the file and close the ‘gedit’ editor window to return to the Terminal prompt.
5) In the Terminal, type:
sudo gedit extra/httpd-ssl.conf
Press Enter.
Find the following line:
ServerName www.example.com:443
Change the ‘www.example.com’ portion of this line to ‘localhost’.
Save the file and close the window to return to the Terminal prompt.
6) Restart the service in the Terminal by typing:
sudo service ESMWebservice restart
<br>
If you want to force users who try to access the site on port 80, using HTTP, to use the secure HTTPS connection you will need to enable a redirection.
1) Click on the Windows Start menu and find the Windows Notepad program. Right-click on this and choose to ‘Run as Administrator’. If you do not run Notepad as an administrator you will be unable to save your changes.
2) With Notepad open, click on the ‘File’ menu and choose ‘Open’ or press CTRL-O on the keyboard.
In the Open browser, change the drop-down menu for File Type from ‘Text Documents (*.txt)’ to ‘All Files (*.*)’.
Use the Open browser to open the C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\conf directory and highlight the file titled ‘httpd.conf’ then click ‘Open’.
3) Find the following lines:
#RewriteCond %{SERVER PORT} !^443$
#RewriteRule ^/(.*) https://{HTTP_HOST}/$1 [NC,R=301,L]
Remove the pound (#) signs in front of these two lines.
Save the file.
4) Restart the solrApache service in Windows services (services.msc).
1) You may use any editor you feel comfortable with, such as vi or nano, but if your are more inclined to using a graphical interface you may use a program called ‘gedit’ to make the following changes.
In the Terminal, type:
sudo gedit /usr/local/exacq/esm/apache_solr/apache2/conf/httpd.conf
Press Enter.
2) Find the following lines:
#RewriteCond %{SERVER PORT} !^443$
#RewriteRule ^/(.*) https://{HTTP_HOST}/$1 [NC,R=301,L]
Remove the pound (#) signs in front of these two lines.
Save the file and close the ‘gedit’ window to return to the Terminal prompt.
3) Restart the service in Terminal by typing:
sudo service ESMWebservice restart
orsudo service enterprise-webservice restart
<br>
1) Some versions of Internet Explorer do not easily work with services running locally or may display pages incorrectly. If this happens, try clearing the browser’s cache by pressing CTRL-F5 on the keyboard. If the problem is persistent try installing another web browser, such as Chrome.
2) If the solrApache service fails to start after configuring it for SSL:
a) Open the Apache error logs
b) Look for an entry like the following:
[Wed Mar 04 09:08:54.512004 2017] [ssl:emerg] [pid 19116] AH02565: Certificate and private key www.example.com:443:0 from server.crt and server.key do not match AH00016: Configuration Failed
c) If you see this log entry, complete the following steps:
1) Change your working directory to the location of openssl.exe
2) Run the following commands:
openssl x509 -noout -modulus -in ../conf/server.crt | openssl md5
Press Enter.
openssl rsa -noout -modulus -in ../conf/server.key | openssl md5
Press Enter.
openssl req -noout -modulus -in ../conf/server.csr | openssl md5
Press Enter.
3) Compare the resulting values output after running each of the preceding commands. Each resulting string should be identical. If the values do not match, confer with the certificate authority that issued the certificate.
An ownership issue between EM and a protected server will often result in the status of the spare and protected server showing “Failover Locked”.
Some customers might have High CPU usage on their EM servers. In which the CPU runs at 100%.
EM- Version 23.0.3 and older.
Log into the EM server and validate that the importers are running hard. Normally there will be several importer services opened and being used. You will have one that is taxed more than other as it is the brain importer.
Go to the User Role Section and see if there are any user roles with the Trash Can icon next to it. If so this could be an indicator that there is NO User attached to the User Role. In this case there are three options that can be performed.
1. Add at least 1 user to the user role.
2. Unpromote the user role.
3. Delete the user role if it is not needed.
Once we have identified this is the case for the UserRole we NEED to make sure the Postgres DB is in fact growing.
select count(*) from camera_camerapermission
If the table shows millions of entry’s we need to run the following script in pgadmin and execute the query.
delete from camera_camerapermissionwhere id in (select id from (select id, row_number() OVER w as rnumfrom camera_camerapermissionwindow w as ( partition by device_id, permission_id
order by id
)) twhere t.rnum > 1);select count(*) from camera_camerapermission;
When the query is done executing the count will show up with a certain number depending on the tables.
Take note to the count number.
Then start the EM services, and wait a few minutes and execute the query again. select count (*) from camera_camerapermissions
The table will grow for about 24 hours.
This should stop the table from growing at an extremely fast rate which taxes the system CPU.
The table should not be growing.
In Fact when there is a UserRole with no user- the table will bloat.
Engineering has identified the potential cause. This might not be the actual table responsible in all situations. However they have began a new ticket in Jira to investigate this and make sure we put a fail safe into prohibit the creation of an Empty User Role.
Original Issue seen in:
Jira- AES-16
Trac 19900
Current Ticket AES-465
