We've just started getting the following UI expression error in all our lower environments:
Expression evaluation error [evaluation ID = 59de2:e8179] in rule 'u1b_com_workitemsgrid' (called by rule 'u1b_ui_workitemsdashboard') at function a!gridField [line 5]: A grid component [label="null"] has an invalid value for "columns". A grid column [label="Team"] has encountered an error. Expression evaluation error in rule 'u1b_getdirectgroupnamesforanuser' at function 'getgroupsformemberuser' [line 20]: The user Incorrect privileges to get groups for user. [User Context: test.user2] does not have sufficient privileges to perform the requested action.
And the follow in the system logs:
2021-09-01 09:36:19,992 [Appian AppianServerThreadPoolProvider 2246648] ERROR com.appiancorp.ps.people.function.GetGroupsForMemberUser - Incorrect privileges to get groups for user. [User Context: test.user2]PrivilegeException[null=>null]: Insufficient permission
Any idea what could be causing it? It only seems to be happening for certain groups, but I've tried changing several group settings (security and visibility settings for groups) and the issue still persists.
Thanks
Discussion posts and replies are publicly visible
This is typically caused by group privacy and visibility settings. Not security.
Can you make the group security as public and group privacy policy as low and check.
Hey Stefan, I've tried changing the privacy and visibility settings of all groups the user is part of and still facing the issue. I've now setup a second account, with membership in the same groups, and there's no error when fetching the groups for this second user. Any idea what else could be causing this?
Hey gayathris, I've tried changing the privacy and visibility settings of all groups the user is part of and still facing the issue. I've now setup a second account, with membership in the same groups, and there's no error when fetching the groups for this second user. Any idea what else could be causing this?
then, try seeing what is the difference between those two user accounts,
1. Are they same? basic user or admin user?2. What are the groups both belongs to?3. Are any of the user's group is restricted?
They're both system administrator account, they both belong to all the same groups/are administrators of all the same groups. Is there anything other than groups that could be affecting this?
Sorry, I never faced this issues with correct privacy and visibility settings.
One more question, have you verified whether the loggedinuser has privilege to see those groups which test.user2 member of?
Check this out also
community.appian.com/.../47877
In case anyone finds themselves in this situation down the line, I found the root cause of the error. The account that was causing the issues had been set as a deployment account in our lower environments, which means it was added to the "Service Accounts" group. Turns out when you add a user to this group, their security role map gets updated so only specific accounts can access that users details. When our basic users were trying to access the details for this account, it was resulting in the error.
I discovered this by checking the role maps of all our users using a foreach with the retrieveusersecurityrolemap() function, from the People Functions plug-in (surprisingly I couldn't find an out of the box way of checking the security role map for users). I then created a process model which used the Modify User Security smart service to revert the changes to the user role map, which fixed the error. I couldn't find any documentation about security role map updates when an account is added to the Service Accounts group, and it seems the only way to access and update a users role map is through the method I mentioned above.