Posted: 24 Jan 2018 14:03 EST Last activity: 29 Jan 2018 12:58 EST
Access denied for rules.
I'm getting the access denied message in most tracer events. It's not affecting now but not sure when it may throw error. Mostly for flow rules, the event is getting traced. For instance, "Current user is not authorized for privilege 'DeleteAnyAttachment' for Role-Obj-Class XYZ-ABC-DEF-Work-pqr".
Any suggestions as to what might be causing the issue.
It sounds like the action being performed requires the DeleteAnyAttachment privilege but the access group for that user does not have that privilege. You mentioned the error occurs mostly for flow rules. What was the action being taken when you see the error?
Thanks for the reply Carissa! I'm getting the mentioned issue whenever any flow is referenced through out the case life cycle. Even when an OOTB flow is called, the following event is traced. I presume that the cloning has been done from some access role which doesn't have default privileges. Other than this many @baseclass privileges are also missing.
Can you suggest me the correct access role to clone from for the developer ID so that we don't face these issues? PFA screenshot for reference.
Posted: 3 years ago
Posted: 29 Jan 2018 12:58 EST
Carissa Wenhardt (CarissaW_GCS)
Principal Software Solutions Engineer
In my test environment, my developer ID is cloned from PegaRULES:SysAdm4. I traced running a flow and see that I also have the Access Denied for 'AM:RULE-OBJ-FLOW:WORK-!PZINTERNALCASEFLOW'. The privilege check can be seen in the java for the Work-.pzInternalCaseFlow flow but I don’t see any access roles that have that privilege. I also still see the internal flow added to my case so it did not prevent the flow from running. Maybe someone else will have more information on that privilege.
Posted: 3 years ago
Posted: 27 Jan 2018 3:00 EST
Shanthini Charles (Shanthini_Charles)
Principal Technical Solutions Engineer
I looked the typical usage of DeleteAnyAttachment privilege, It allows a user to delete any attachment (File, URL, Note, ScreenShot, or ScannedDocument type) for any work object that the user can update. In your usecase looks like the current user is unable to do that.
The DeleteAnyAttachment privilege was one of the instances where I was getting the Access Denied event type in the tracer. The issue is I'm facing the same for most of the @baseclass privileges and whenever any flow is referenced the above event is getting traced. I'm doubting it's because of some improper access role cloning. Please refer to my reply to Carissa for the reference screenshot.