This is a quick post for my future reference and I hope it helps someone in the future…
If you deploy a view to BAM then try to add a user or windows group to the view using the “bm.exe add-account” command and it fails telling you that “The SQL role for the specified view is missing”, then you need to remove the view and re-add it. As the message says, the role for the view does not exist on the server. Prior to adding the account to the view BAM calls the bam_Metadata_ManageSecurity stored procedure in the BAMPrimaryImport database. The first thing this does is check if the SQL database role called “bam_viewname” exist… For some obscure reason it wasn’t created the first time and removing and re-adding the view worked.
The second one I ran into today was that my login had correctly been added to the BAM Portal users windows group but I still kept getting asked to enter my credentials when browsing to it and it still failed with “URL authorization failed for the request”messages in the event log from ASP.NET 2.0. To fix this I needed to update the w3svc service to use NTLM as the authentication provider:
c:\Inetpub\AdminScripts\cscript adsutil.vbs SET w3svc/NtAuthenticationProviders “NTLM”