AnsweredAssumed Answered

Why do you need to be assigned as an administrator to customize your personal dashboard?

Question asked by dummin on Oct 27, 2016
Latest reply on Oct 27, 2016 by jpotts

Alfresco Community - 5.2.0 (r130508-b9)

Windows Server 2012 R2

Using LDAP-AD

### AD Sync ###

authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

ntlm.authentication.sso.enabled=false

ldap.authentication.allowGuestLogin=false

ldap.authentication.userNameFormat=%s@***

ldap.authentication.java.naming.provider.url=ldap://***:389

ldap.authentication.defaultAdministratorUserNames=Administrator, systems

ldap.synchronization.java.naming.security.principal=administrator@***

ldap.synchronization.java.naming.security.credentials=***

ldap.synchronization.groupSearchBase=ou=Groups,ou=Cornerstone Housing,dc=LCHSU,dc=local

ldap.synchronization.userSearchBase=ou=Users,ou=Cornerstone Housing,dc=LCHSU,dc=local

 

User needs to be assigned to the ' ALFRESCO_ADMINISTRATORS' group in order to change their individual dashboards - including hiding the 'Getting Started' panel from the dashboard or from the customisation page.

 

When they do try to make changes to their dashboard, alfresco.log spits out the following:

2016-10-27 17:00:29,140 ERROR [org.springframework.extensions.webscripts.AbstractRuntime] [http-apr-9090-exec-10] Exception from executeScript: 09270502 Access Denied.  You do not have the appropriate permissions to perform this operation.

org.alfresco.repo.security.permissions.AccessDeniedException: 09270502 Access Denied.  You do not have the appropriate permissions to perform this operation.

    at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:57)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.alfresco.repo.transaction.RetryingTransactionInterceptor$1.execute(RetryingTransactionInterceptor.java:86)

    at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464)

    at org.alfresco.repo.transaction.RetryingTransactionInterceptor.invoke(RetryingTransactionInterceptor.java:76)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)

    at com.sun.proxy.$Proxy20.addAspect(Unknown Source)

    at org.alfresco.repo.web.scripts.bean.ADMRemoteStore.deleteDocument(ADMRemoteStore.java:632)

    at org.alfresco.repo.web.scripts.bean.BaseRemoteStore.execute(BaseRemoteStore.java:302)

    at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:512)

    at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464)

    at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:587)

    at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:656)

    at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:428)

    at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:308)

    at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:399)

    at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210)

    at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.alfresco.module.aosmodule.service.ContextRootFilter.doFilter(ContextRootFilter.java:93)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)

    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2466)

    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2455)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

    at java.lang.Thread.run(Unknown Source)

Caused by: net.sf.acegisecurity.AccessDeniedException: Access is denied.

    at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)

    at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:398)

    at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)

    ... 48 more

 

This seems odd as this should be a pretty rudimentary function that shouldn't require elevated privileges

 

Any ideas? Could there be a conflict with the AD?

I've trolled the forums but can't seem to find anything...surely this isn't unique?

Outcomes