UI Expression Error - Incorrect privileges to get groups for user

We've just started getting the following UI expression error in all our lower environments:

Expression evaluation error [evaluation ID = 59de2:e8179] in rule 'u1b_com_workitemsgrid' (called by rule 'u1b_ui_workitemsdashboard') at function a!gridField [line 5]: A grid component [label="null"] has an invalid value for "columns". A grid column [label="Team"] has encountered an error. Expression evaluation error in rule 'u1b_getdirectgroupnamesforanuser' at function 'getgroupsformemberuser' [line 20]: The user Incorrect privileges to get groups for user. [User Context: test.user2] does not have sufficient privileges to perform the requested action.

And the following in the system logs:

2021-09-01 09:36:19,992 [Appian AppianServerThreadPoolProvider 2246648] ERROR com.appiancorp.ps.people.function.GetGroupsForMemberUser - Incorrect privileges to get groups for user. [User Context: test.user2]
PrivilegeException[null=>null]: Insufficient permission

Any idea what could be causing it? It only seems to be happening for certain groups, but I've tried changing several group settings (security and visibility settings for groups) and the issue still persists.

Thanks

  • In case anyone finds themselves in this situation down the line, I found the root cause of the error. The account that was causing the issues had been set as a deployment account in our lower environments, which means it was added to the "Service Accounts" group. Turns out when you add a user to this group, their security role map gets updated so only specific accounts can access that user's details. When our basic users were trying to access the details for this account, it was resulting in the error.

    I discovered this by checking the role maps of all our users using a foreach with the retrieveusersecurityrolemap() function, from the People Functions plug-in (surprisingly I couldn't find an out-of-the-box way of checking the security role map for users). I then created a process model which used the Modify User Security smart service to revert the changes to the user role map, which fixed the error. I couldn't find any documentation about security role map updates when an account is added to the Service Accounts group, and it seems the only way to access and update a user's role map is through the method I mentioned above.
