I recently ran into "Access denied U00000009" errors when trying to delete some dashboards that users had created. I have full administrator access to the AE system, so I was surprised that there were user-created objects I could not delete.
I opened a ticket with Broadcom and was essentially told that the AE is working as designed. Private dashboards are marked private using object-level authorizations. Users other than the creator will not be able to do
anything with these objects, even if they have full access to all objects in the AE system.
Broadcom recommended that I ask each user to change their dashboards to public so that I can delete them. I pointed out that some of the users do not exist anymore, and Broadcom replied that I should in that case re-create these users, log in as them, and then delete the dashboards. (This surely won't work either, because the new USR_OH_Idnr will not match the OACL_AuthIdnr of the existing entries.)
You can list private dashboards and their owners using the following SQL query.
select DASHOH.OH_Name,OACL_OH_Idnr,OACL_Lnr,OACL_AuthType,OACL_AuthIdnr,OACL_BitCode,
OACL_Prohibition,USROH.OH_NAME, USR_FirstName || ' ' || USR_LastName as USR_Name, USR_EMail1
from OH DASHOH
left outer join OACL on DASHOH.OH_IDnr = OACL_OH_Idnr
left outer join USR on OACL_AuthIdnr = USR_OH_Idnr
left outer join OH USROH on USR_OH_Idnr = USROH.OH_Idnr
where 1=1
and DASHOH.OH_OType = 'DASH'
and DASHOH.OH_DeleteFlag = 0
Broadcom also mentioned an unsupported and 'not recommended' way: removing OACL entries directly from the DB. An SQL DELETE statement can be used to delete the object-level permissions from an object. E.g.,
delete from OACL where oacl_oh_idnr=...
So far, Broadcom Support has been unwilling or unable to provide a supported way for an AE system administrator to remove private dashboards. The upshot of this that it is not possible for an administrator to remove private dashboards without running unsupported SQL DELETE statements. For each dashboard, the owner of the dashboard must still exist in the system, and this user must perform the deletion.