cancel
Showing results for 
Search instead for 
Did you mean: 

Why do you need to be assigned as an administrator to customize your personal dashboard?

dummin
Champ in-the-making
Champ in-the-making

Alfresco Community - 5.2.0 (r130508-b9)

Windows Server 2012 R2

Using LDAP-AD

### AD Sync ###

authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

ntlm.authentication.sso.enabled=false

ldap.authentication.allowGuestLogin=false

ldap.authentication.userNameFormat=%s@***

ldap.authentication.java.naming.provider.url=ldap://***:389

ldap.authentication.defaultAdministratorUserNames=Administrator, systems

ldap.synchronization.java.naming.security.principal=administrator@***

ldap.synchronization.java.naming.security.credentials=***

ldap.synchronization.groupSearchBase=ou=Groups,ou=Cornerstone Housing,dc=LCHSU,dc=local

ldap.synchronization.userSearchBase=ou=Users,ou=Cornerstone Housing,dc=LCHSU,dc=local

User needs to be assigned to the ' ALFRESCO_ADMINISTRATORS' group in order to change their individual dashboards - including hiding the 'Getting Started' panel from the dashboard or from the customisation page.

When they do try to make changes to their dashboard, alfresco.log spits out the following:

2016-10-27 17:00:29,140 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] [http-apr-9090-exec-10] Exception from executeScript: 09270502 Access Denied.  You do not have the appropriate permissions to perform this operation.

org.alfresco.repo.security.permissions.AccessDeniedException: 09270502 Access Denied.  You do not have the appropriate permissions to perform this operation.

    at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:57)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.alfresco.repo.transaction.RetryingTransactionInterceptor$1.execute(RetryingTransactionInterceptor.java:86)

    at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464)

    at org.alfresco.repo.transaction.RetryingTransactionInterceptor.invoke(RetryingTransactionInterceptor.java:76)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)

    at com.sun.proxy.$Proxy20.addAspect(Unknown Source)

    at org.alfresco.repo.web.scripts.bean.ADMRemoteStore.deleteDocument(ADMRemoteStore.java:632)

    at org.alfresco.repo.web.scripts.bean.BaseRemoteStore.execute(BaseRemoteStore.java:302)

    at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:512)

    at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464)

    at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:587)

    at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:656)

    at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:428)

    at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:308)

    at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:399)

    at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210)

    at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.alfresco.module.aosmodule.service.ContextRootFilter.doFilter(ContextRootFilter.java:93)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)

    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2466)

    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2455)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

    at java.lang.Thread.run(Unknown Source)

Caused by: net.sf.acegisecurity.AccessDeniedException: Access is denied.

    at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)

    at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:398)

    at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)

    ... 48 more

This seems odd as this should be a pretty rudimentary function that shouldn't require elevated privileges

Any ideas? Could there be a conflict with the AD?

I've trolled the forums but can't seem to find anything...surely this isn't unique?

3 REPLIES 3

kaynezhang
World-Class Innovator
World-Class Innovator

No ,not need to be an administrator to customize personal dashboard.

is this all log information in alfresco.log? could you please attach alfresco.log file here?

jpotts
World-Class Innovator
World-Class Innovator

Hmm, I just reproduced this on 201609-EA running on Mac OS with Alfresco NTLM users.

jpotts
World-Class Innovator
World-Class Innovator

Craig Dummin​ given that I was able to reproduce this on an out-of-the-box install of 201609-EA without using LDAP and with no other customizations installed, I'd say this is a bug. I did a quick search on Jira and saw nothing, but I didn't look too thoroughly.

Maybe you could also give Jira a scrub and then create a new issue if you cannot find one?

Also, if you were trying to use Alfresco Community Edition in production, you should be using 201605-GA, which is currently the latest stable release.