403 Access Denied you don't have permission to view this page

Certified Senior Developer



Hi Team,

I’m getting a 403 Access Denied error stating “You don't have permission to view this page” — can someone help me understand why this might be happening?

Note: We have already checked the Process Model, Record Type, Site Objects Security settings — all users have Viewer access and are part of the required group.

    Certified Lead Developer

    The 403 status & URL should be logged in the Tomcat Access logs. Sifting through our own logs, there's no 'extra' information about 403 errors - just the URL and the time to respond. So the URL itself is key for us to help you determine a root cause.

    In addition to the things that others have said, I have seen this 403 error when

    • SAML has timed out and the user's authentication token needed to be refreshed via the SSO provider. This often requires a full sign-in to the SSO provider when MFA is involved.
    • SAML is incorrectly configured for a given user - for example, if a user gets married and changes their name, sometimes the IT group wouldn't have the username in sync with other properties in Appian, the properties / username didn't update (or create a new user), and thus it wouldn't reconcile between the SSO provider and Appian. This required manual intervention to update the username to what IT had updated it to. Not sure why it didn't auto-reconcile, but the fix was easy and it was a rare occurrence.
    • User was sent a link to a record, but they did not have access to that record type as a viewer.
    • If the user can see the record type (e.g. a grid), but doesn't have access to an individual record (e.g. due to row-level security) I believe they would see a different 'pink box' error (not a 403). It's worth double-checking this though, as error handling / pink boxes are subject to change with Appian versions.
    • I vaguely remember seeing this when sent a link to a task at some point but getting an error
    • User was sent a link to a URL behind /design, but isn't in the Designers group. Not sure if this error is similar for the Appian cloud database.
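
Since the reply above says the access log holds only the URL and response time for a 403, the following added example (not part of the original thread and not Appian's own tooling) groups 403 entries by user and path so the URL can be matched against the causes listed. It assumes a Tomcat AccessLogValve pattern of `%h %l %u %t "%r" %s %b %D`; the sample lines, users and paths are constructed.

```python
import re
from collections import defaultdict

# Assumed AccessLogValve pattern: %h %l %u %t "%r" %s %b %D
# The real layout on your install may differ; adjust the regex to match.
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ (?P<ms>\d+)'
)

# Constructed sample lines (users, hosts and paths are made up).
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Mar/2025:09:14:01 +0000] "GET /suite/design/abc HTTP/1.1" 403 512 12
10.0.0.5 - alice [12/Mar/2025:09:14:09 +0000] "GET /suite/design/abc?x=1 HTTP/1.1" 403 512 9
10.0.0.7 - bob [12/Mar/2025:09:15:30 +0000] "GET /suite/sites/hr/page/cases HTTP/1.1" 200 8841 140
10.0.0.7 - bob [12/Mar/2025:09:16:02 +0000] "GET /suite/sites/hr/record/xyz HTTP/1.1" 403 512 15
garbage line that does not parse
"""

def triage_403(log_text):
    """Group 403 responses by (user, path) and name the first thing to check."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "403":
            continue  # skip unparseable lines and non-403 responses
        path = m["url"].split("?", 1)[0]  # drop the query so repeats group together
        g = groups[(m["user"], path)]
        g["count"] += 1
        g["first"] = g["first"] or m["ts"]
        g["last"] = m["ts"]
    report = []
    for (user, path), g in sorted(groups.items()):
        # Hints mirror the causes listed in the reply above.
        if "design" in path.split("/"):
            check = "Designers group membership"
        else:
            check = "object security for the linked item, or SAML session/username mapping"
        report.append({"user": user, "path": path, "check": check, **g})
    return report

if __name__ == "__main__":
    for row in triage_403(SAMPLE_LOG):
        print(row)
```
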