One Identity 7.1 PersonWantsOrg - Person is not authorized to make requests at this point

I am pretty sure the reason is the same as in the thread here https://www.oneidentity.com/community/identity-manager/f/forum/27549/unable-to-create-personwantsorg-via-restapi

" ... if the normal request requirements are fulfilled (Receiver of the requested product needs to be a member of the shop the product is requested from if the product is not multi-requestable the receiver is not allowed to have the product assigned already, ...)."

They are a member of the shop, the PWO table is empty, and is not assigned in the PersonInOrg table.

What service item are you requesting?

What is the base object behind that service item?

On a mostly out-of-the-box fresh install of OneIM 7.1: Test scenario is a new business role - nothing special - called "Test Role". Nothing is assigned to the role. Created assignment resource, added it to a shelf. Went into Object Browser clicked add button for PersonWantsOrg, selected it from the drop down for UID_Org, selected myself from drop down for UID_PersonInserted, selected my "Test user" from drop down in UID_PersonOrdered - hit save - get the error above. The only non out of the box thing in this scenario is this is not the default ITShop but a new one. The new shop has a Customers object with a dynamic role. The test user is a customer of the shop and the shop shows assigned in the users 360 view. The test user also shows up in the 360 view of the shop under "Employees with access to this shop". The assignment resource is listed on the shelf on the shelfs 360 view.

On a mostly out-of-the-box fresh install of OneIM 7.1: Test scenario is a new business role - nothing special - called "Test Role". Nothing is assigned to the role. Created assignment resource, added it to a shelf. Went into Object Browser clicked add button for PersonWantsOrg, selected it from the drop down for UID_Org, selected myself from drop down for UID_PersonInserted, selected my "Test user" from drop down in UID_PersonOrdered - hit save - get the error above. The only non out of the box thing in this scenario is this is not the default ITShop but a new one. The new shop has a Customers object with a dynamic role. The test user is a customer of the shop and the shop shows assigned in the users 360 view. The test user also shows up in the 360 view of the shop under "Employees with access to this shop". The assignment resource is listed on the shelf on the shelfs 360 view.

What version is this exactly?

Is OneIM running on MS SQL or on Oracle?

What are your settings for the config parms QER\ITShop\GapBehavior and below, especially QER\ITShop\GapBehavior\GapFitting?

7.1 on MS SQL. Settings will be default: both are set to 0

Really 7.1 (no SP)?

My mistake - 7.1.2

Okay. Can you verify that a decision method is assigned to the product node you are requesting? 

Ah ok. Didn't realize that was required. I added Compliance Check Simplified to the shelf. Some progress, but a new error: "ObjectkeyAssignment has an invalid number of PK definitions". What else might I be missing?

Probably this one? (Misconfigured assignment resource?)

https://www.oneidentity.com/community/identity-manager/f/forum/30327/problem-inserting-data-to-table-personwantsorg-via-rest-api

When did the error occur? if it is after the PWO has created check the ObjectkeyAssignment. It is probably wrong.

Seems I was just impatient. Works fine now (several hours later as I had to do other tasks). Thanks Markus.

OK I lied. It never worked. What happened is, if I create it in Object browser - the first time I click save I get the above error, the second time I click save it saves just fine. However, it creates a ITShop request (shows up under Requests-requests overview) however, they do not show up under pending requests and the request status is still "New". I am baffled as to what is missing. The role has a effective approval policy with a workflow. I compared this setup to a few other setups I have for other customers. I cannot figure out what is missing.