• State Not Answered
  • Replies 3 replies
  • Subscribers 95 subscribers
  • Views 2057 views
  • Users 0 members are here
Options
Related

Error Department: Viewing permission denied for value "Risk index (calculated)

gerrit
over 5 years ago

In the portal there is a section to show My Responsibilities. I am logged in as a user that is assigned as manager to several departments. These departments show up, but when I click one of them to view the details I get this error message.

The user is assigned to the application role Employee Managers, which is linked to permission group VI_4_ALLMANAGER.

That permission group has view rights on Departments (including the RiskIndexCalculated field).

It seems to be a permission issue, because when I assign the application role Identity Management / Organizations / Administrators (permission group vi_4_STRUCTADMIN_ADMIN) the user does get the permission to view the details in the portal. 

Does anyone know a good way to analyse such permission errors/issues? 

I cannot see a difference in the permission groups that could explain the right to view RiskIndexCalculated. My only alternative would be to grant one by one each low level permission in order to find which one would give the permission. 

  • 0 over 5 years ago

    First, which version are you using?

    Second, you may have missed posting the error message or I am unable to see them for other reasons. Can you please re-post the error message?

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    Hi Markus, thx for your response.

    we are using version 8.1

    The error message is the same as the title:

    the VI_4_ALLMANAGER is linked to CCC_APPROVER group

    CCC_APPROVER has no rights on Department.

    When we use VI_4_ALLMANAGER as Permission Group for tge Employee Managers group we get the error

    When we use CCC_APPROVER as the Permission Group there is no error

    When we use VI_4_ALLMANAGER as Permission Group and add view rights on Department.RiskIndexCalculated to CCC_APPROVER there is no error

    So apparently, when we use VI_4_ALLMANAGER it inherites everything from CCC_APPROVER and that overwrites things on VI_4_ALLMANAGER?

    And when we use CCC_APPROVER it inherites everything from VI_4_ALLMANAGER and that overwrites things on CCC_APPROVER?

    Hope you can shed some light. 

  • 0 over 5 years ago in reply to gerrit

    Is the permission group CCC_Approver marked as role-based?

    Try to use the same authentication module and user, log into the Object Browser open up the same Department and use the Properties modal dialog to identify the permissions and the origin of the permissions.

    And, if you need more information, there is a video series on our YouTube channel around permissions management in OneIM. https://www.youtube.com/playlist?list=PL242czeZwlAl46Xv0UnBDwTm-8VN5p4qI