Hyland Connect

lnfalandino · ‎06-18-2008

I'm having an issue where only my administrative account is able to update its own user profile. A normal user when attempting to submit changes to their profile gets this error:

A system error happened during the operation: Access Denied. You do not have the appropriate permissions to perform this operation.‍

No errors or exceptions in the alfresco log. Does anyone have any suggestions on what might be causing this? I can't really seem to find what permissions would control this.

Thanks in advance,
Naim

algoworks · ‎06-28-2008

Alfresco uses Acegi security to apply permissions. You can find all permissions defined in public-services-security-context.xml

e.g. The bean "NodeService_security" defines method level permissions in NodeService. Similarly, it has other permissions defined for different Service methods.

ACL_ALLOW means giving permissions to everyone. Whatever method you are trying to access to edit profile, search the method in the <Corresponding>Service_security bean and make it ACL_ALLOW.

Hope this will help. Get back in case of any issues.

Algoworks Alfresco Team
http://www.algoworks.com

jruscio · ‎10-06-2008

Seeing the same issue, can you be more specific about the modifications to make? I looked in that file and nothing directly references "profile". Using plain LDAP integration i.e. "simple". Logging in works fine, but user's cannot set their email addresses, and without email addresses, you can't add them to Alfresco "Share" sites.

This is really frustrating since everything else seems to be in place for this to be a great product.

jtp · ‎02-04-2009

I've got this happening to my non-admin users too. In the alfresco interface they get the "A system error has occurred" mentioned above. In /share, they just get a browser "Error on page" which leads to the following message:


Line:  1942
Char:  16
Error:  'status' is null or not an object
Code:  0
URL:  http://mysite:8080/share/page/user/-usergoeshere-/profile
‍‍‍‍‍‍‍

I tried modifying the personservice_security in public-services-security-context.xml. I changed the setpersonproperties line from this:
org.alfresco.service.cmr.security.PersonService.setPersonProperties=ACL_METHOD.ROLE_ADMINISTRATOR
to this:
org.alfresco.service.cmr.security.PersonService.setPersonProperties=ACL_ALLOW

and restarted alfresco. Non-admins still can't modify their profile or set a picture.

jtp · ‎02-04-2009

To be sure, I took a non-admin user who was receiving the errors, added them to the ALFRESCO_ADMINISTRATORS group and they were able to modify their profile on either interface with no other changes. So it's definitely a permissions issue but I don't know which one to modify. All help would be appreciated.

mikeh · ‎02-12-2009

There are some suggestions for workarounds in the associated JIRA issues:
https://issues.alfresco.com/jira/browse/ETHREEOH-1200
and
https://issues.alfresco.com/jira/browse/ETHREEOH-1239

For example, using LDAP sync seems to solve it. The issue stems from users created via the webscript, LDAP sync creates users through a different path which adds the correct ownable aspect and property. The other solution suggested cloning the webscript and making sure it sets the aspect and property as required.

Thanks,
Mike

ed_mann · ‎04-24-2009

What specifically needs to be done to fix this? I see in the tickets for this item that it was fixed, but the Labs version does not get SPs. I am wanting to deploy Alfresco to our users, however with them unable to edit their profile i don't feel the product will be well accepted. What specifically do i need to change to allow users to edit their profile? what files? Do i need to checkout for svn and rebuild anything? Can i run something against the database to set the correct permissions? I am running LDAP against AD, and Sync does not work. I have commented on another ticket about that issue as well. Sync will get the first 1000 or so users, but not all of them.

Thanks.

Hyland Connect

Non-admin users unable to update user profile