Debug Read only access

Hi Team,

Recently, we upgraded SailPoint IdentityIQ from version 8.3 to 8.4. As part of this upgrade, SailPoint introduced new Debug Page access features. We are currently trying to grant read-only access to the Debug Page for a user. However, when the user attempts to access the Debug Page, the following error occurs.

Steps:

1. Logging with admin users.
2. Select the user then assign view debug page read only access from user rights
3. Try to access debug page with that user.

Access denied. You don’t have the capability required to view the requested page.

Hi @sureshbommareddy98

This is OOTB feature of SailPoint that is introduced in 8.4. Have you tried checking the user profile whether that capability is saved or not to the user profile.

Thanks

Manish Singh

@sureshbommareddy98 You need to assign “DebugPagesReadOnlyAccess” cabality to the user to allow them to access Debug in read only mode.

Note: Found a fix? Help the community by marking the comment as solution. Feel free to react(, , etc.) with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.

I can see that capability assigned to user in debug as well

IMG_20260216_1425321920×1440 828 KB

@sureshbommareddy98 Have you tried log out and re-login after assigning the capability?

Yes, I tried in incognito window

Since “View Debug Pages Read Only” is already assigned and you’ve re-logged in, please also try assigning “View Admin Console” temporarily and test again.
In 8.4, Debug access may still require Admin Console visibility. Also ensure the capability is saved properly and no scope restrictions are applied thanks.

I have assigned view admin console as well however still seeing error

Dear @sureshbommareddy98

Greetings!

Please check below topic: FullAccessMemoryPage capability added for members of a workgroup not working

Tested in my sandbox: IIQ8.5
Without any capability:

image598×235 6.86 KB

after selecting: View Debug Pages Read Only, save it.

image858×613 22.8 KB

I can see the expected result:

image430×553 9.8 KB

Please check the below config present.

image1141×333 36.7 KB

Look at identity cube: whether the capability is assigned.

image2001×819 98.1 KB

Dear @sureshbommareddy98

Please do create new capability with below:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Capability PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Capability created="" displayName="capability_debug_pages_read_only_access" id="" modified="" name="DebugPagesReadOnlyAccess-Test">
  <Description>capability_desc_debug_pages_read_only_access</Description>
  <RightRefs>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessAboutPage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessDebugPage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessMemoryPage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessCachesPage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessCountPage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessBeansPage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessThreadsPage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessMetersPage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessMetersGridPage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessLoggingPage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessDatabasePage"/>
    <Reference class="sailpoint.object.SPRight" id="" name="ViewAccessConnectionsPage"/>
  </RightRefs>
</Capability>

assign this to user and validate it, I hope this will fix your issue.

Note:
Mark the Solution: Help the community by marking the correct comment as the Solution.

Show appreciation: Feel free to react with an emoji (, , etc.) to let others know the post was helpful.

Need more help? Message me directly if your issue requires a deeper dive.

Please check your WebResource configuration object and ensure the updates made in 8.4 are present within your environment

Thanks for the update..I didn’t see the viewdebug page access spright in the websource. Can you please provide the sample key

It wouldn’t just be one key, there are several keys given how many SPRights the DebugPagesReadOnlyAccess capability gives. Here’s a snippet

<WebResource rights="ViewAccessBeansPage,FullAccessBeansPage" url="debug/beans.*"/>
<WebResource rights="ViewAccessThreadsPage,FullAccessThreadsPage" url="debug/threads.*"/>
<WebResource rights="ViewAccessAboutPage,FullAccessAboutPage" url="debug/about.*"/>
<WebResource rights="ViewAccessMemoryPage,FullAccessMemoryPage" url="debug/memory.*"/>
<WebResource rights="ViewAccessMetersPage,FullAccessMetersPage" url="debug/meters.*"/>
<WebResource rights="ViewAccessLoggingPage,FullAccessLoggingPage" url="debug/logging.*"/>
<WebResource rights="ViewAccessDatabasePage,FullAccessDatabasePage" url="debug/database.*"/>
<WebResource rights="ViewAccessDebugPage,FullAccessDebugPage" url="debug/debug.*"/>
<WebResource rights="ViewAccessCachesPage,FullAccessDebugPage" url="debug/caches.*"/>
<WebResource rights="ViewAccessActiveMQPage,FullAccessDebugPage" url="debug/activemq.*"/>
<WebResource rights="ViewAccessConnectionsPage,FullAccessDebugPage" url="debug/connections.*" />

It’s probably easier to compare your WebResource object in your environment to the WebResource object found in your 8.4 war. Can be found WEB-INF/config/webResource.xml