When you run the ./rsautil manage-readonly-dbusers command line utility (CLU) with the -n option, the expected result is that the user is created and the specified subnet is allowed access. The user is created, but the subnet is not allowed access.
The firewall (iptables) does not allow access from the specified subnet. For example:
You created a new read-only database user using the command below, where -X is debug mode, -a is the action (create), -o is the Operations Console (OC) user, -u is the new database username, -i is the IP address of the client, and -n is the IP mask of the client machine(s).
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil manage-readonly-dbusers -X -a create -o ocadmin -u dbreaduser -i 10.114.187.0 -n 255.255.255.0
Enter Operations Console (OC) password: <enter Operations Console admin password>
Enter password for the read-only database user: <enter read-only database user password>
Confirm password for the read-only database user: <re-enter read-only database user password>
Executing action: 'create'.
Trusted Root SSL CA certificate was copied in file '/opt/rsa/am/utils/RSAAMTrustedRootSSLCA.crt'.
'create' action complete.
Cat the pg_hba.conf file and look for the name of the read-only user:
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Thu Jan 2 15:50:00 2020 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am82p:~> cd /opt/rsa/am/utils
rsaadmin@am82p:~> sudo su -
rsaadmin's password: <enter operating system password>
Edit /etc/sysconfig/iptables. For example, change from /32, as shown:
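To confirm whether a firewall entry matches the mask passed with -n, the following added example (not part of the original article or of RSA's tooling) converts the netmask to a prefix length and compares it with the source prefix on each rule line for that network. The sample rule is constructed, and the script assumes the rules file uses the standard -s/--source syntax.

```shell
#!/bin/sh
# Added example: check that the firewall source prefix matches the -n netmask.

# mask_to_prefix NETMASK -> prints the CIDR prefix length (255.255.255.0 -> 24).
# Returns 1 for a malformed or non-contiguous mask.
mask_to_prefix() {
    prefix=0 partial=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;; *) return 1 ;;
        esac
        # After the first octet that is not 255, only zero octets may follow.
        if [ "$partial" -eq 1 ] && [ "$bits" -ne 0 ]; then return 1; fi
        if [ "$bits" -lt 8 ]; then partial=1; fi
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# check_source_prefix NETWORK NETMASK RULES_FILE
# Prints "ok", "missing", "bad-netmask" or one "mismatch" line per offending rule.
check_source_prefix() {
    want=$(mask_to_prefix "$2") || { echo "bad-netmask"; return 0; }
    awk -v net="$1" -v want="$want" '
        { for (i = 1; i < NF; i++) {
              if ($i != "-s" && $i != "--source") continue
              n = split($(i + 1), src, "/")
              if (src[1] != net) continue
              seen = 1
              got = (n == 2) ? src[2] : 32   # a bare address means /32
              if (got + 0 != want + 0) {
                  bad = 1
                  print "mismatch: line " NR " allows /" got ", expected /" want
              }
          } }
        END { if (!seen) print "missing"; else if (!bad) print "ok" }
    ' "$3"
}

# Constructed sample rules (not the appliance's real rule set).
demo() {
    rules=$(mktemp)
    printf '%s\n' '*filter' \
        '-A INPUT -s 10.114.187.0/32 -p tcp -j ACCEPT' 'COMMIT' > "$rules"
    check_source_prefix 10.114.187.0 255.255.255.0 "$rules"
    rm -f "$rules"
}
demo
```

On the appliance, pass /etc/sysconfig/iptables as the third argument together with the -i and -n values used when the user was created.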