Error while creating new content item

Here is how I am getting the error: (I will use EnterpriseInvestments as an example however it happens with all sites)

EnterpriseInvestments > New Item > Generic

Here is the error I am getting:

ID Message
0 An error occurred while pre-processing the request submitted by the host (-not available-).
1 An exception occurred while processing the “Java/global/percussion/workflow/sys_wfAuthenticateUser” extension: com.percussion.security.PSAuthorizationException: User is not authorized to create this type of content…

I am logged in using admin1 so I don’t know why it says I am not authorized. This is a new install of v6.7, I am new to Percussion and I haven’t been able to find anything on how to fix this error.

Thanks,

Donald

What content type are you attempting to create?
What roles is your user allowed in?

It happens with all new items I try to create under content (Generic, Image, Home etc)

It is the default admin1 account. The roles are Admin, Default, EI_Admin_Members, EI_Members, Report_Admin, Web_Admin


Donald

Have you tried a different browser?
Has anyone changed the roles that admin1 is allowed in?

Yes. In IE8 and compatibility mode in IE, I get the same error as Firefox in Windows and on the Mac. No matter what I use, I get the error. No one has changed the roles. The admin2 account is having the same problem as well.

Note that it’s a Percussion authentication error, not a browser error. This is a clean install of 6.7, and the errors occur with FF.

Has anyone resolved the issue? I am having the same problem. Please let me know if you found a fix. Thank you.

Has the Admin user been added to the Draft state of the content type’s workflow?

Was there ever a resolution for this error?
We’re getting the same on an upgrade to 6.7

NickK, I believe it was a series of checks to validate that the “admin1” user was in the appropriate role that has access to the “Draft” state in the specific content type’s workflow. Have you checked the user’s role and role’s workflow associations?

RileyW,
We were fine last week … upgraded to 6.7 at the beginning of this week … and now we’re seeing this issue. There hasn’t been any change to roles, workflows, or communities during that upgrade. I’m just starting to wonder if 6.7 enforces some permissions that previous releases didn’t. Or interprets them differently.
Thanks for your reply.

Ouch… I urge to know that the upgrade was committed to a test environment before production. Have you reached out to Support to see if they have any fixes/workarounds for this issue as we started with 6.7 with little exposure to the changes from previous versions. Let me know what was discovered by Support.

We’ve had reports of behavior like this occurring in a few different scenarios:
- The user does not have Write permissions on the Folder where they are trying to create the Content Item.
- The Workflow of the Content Type is not visible to the Community where the user is creating the Content Item.
- The user is a Member of multiple Communities and multiple Workflow Roles. In the Community the user is currently logged in to, the user is not an Assignee of the Initial State of the Workflow the Content Item will enter.

NickK,
Do you have any “workflow roles” associated with any “communities”? Basically we had an issue where the admin role was associated with community A and the user was logged into community B. The only roles the user had were community_a_member, community_b_member, and admin.

There is some code that was added in 6.7 that “removes” any role associated with a community other than the one logged into from the list of available roles for the user. In our case this meant that we were in essence not in any roles for the workflow. Removing the admin role from that community made it work. (Well, it did after we removed a phantom community role mapping from the DB)

Anyway, check out and see if that is the case. I believe someone said this was put into place so you could have editor_a, editor_b, approver_a, and approver_b and make it so that a user could be an editor and approver in community a, but only an editor in community b.

Thanks for all your comments.
This is an issue for us in one workflow that is using the original “Editor” and “Reviewer” roles that came with the installation. Other workflows where we have created new roles have not been affected.
So it’s currently looking like the upgrade has affected these FF roles in some way. Support are looking into it and I’ll keep you up-to-date.

Was there ever a resolution to this issue? Just today our Admin account “blew up” so to speak and we are getting the same error when trying to create any new content items in all communities if you are a member of the Admin Role :

<?xml version="1.0" encoding="utf-8" ?>
<PSXLogErrorSet class="Request preprocessing" host="cms.erau.edu" port="80" protocol="http" root="/Rhythmyx" rxroot="http://cms.erau.edu:80/Rhythmyx">
  <Error id="0">An error occurred while pre-processing the request submitted by the host (-not available-).</Error>
  <Error id="1">An exception occurred while processing the "Java/global/percussion/workflow/sys_wfAuthenticateUser" extension: com.percussion.security.PSAuthorizationException: User is not authorized to create this type of content..</Error>
</PSXLogErrorSet>


I can add the Admin role to the workflows and it resolves the issue, but it was functioning just fine prior to about three hours ago and nothing has changed to my knowledge?
Thanks

NickK wrote:
> Thanks for all your comments.
> This is an issue for us in one workflow that is using the original “Editor” and “Reviewer” roles that came with the installation. Other workflows where we have created new roles have not been affected.
> So it’s currently looking like the upgrade has affected these FF roles in some way. Support are looking into it and I’ll keep you up-to-date.

The user needs to have assignee access to the Draft state of the workflow to be able to create the item or this error will occur. If the user was previously able to create the items and the Admin role was not assigned to the workflow then they must have been able to edit based upon a different role that is set as assignee for the workflow and they have access to. E.g. they may have the Web_Admin role which is assigned to the default workflows. The user may not have access now because this other role has been removed from Draft, or changed away from assignee. Or this other role is being filtered out based upon the community. Some functionality added to one of the versions to prevent the need to create separate workflows per community can cause some confusion, as discussed in this thread already. If the Web_Admin role is set as assignee to the Draft state of the workflow and the user has the Web_Admin role they would normally be able to create the item. If someone then incorrectly adds the Web_Admin role to the Corporate Investments community from the Security Design tab in workbench, this role would essentially be filtered out of the workflow for a user in any other community. I would suggest you look at all the roles in Draft that are Assignee, compare this with the roles the user has, and then see if any of these roles are assigned to any of the communities in Security Design. Normally these roles should not be assigned to communities unless you are using community specific workflow roles like Corporate_Investments_Reviewer, Enterprise_Investments_Reviewer etc.
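The check suggested in the post above, as an added example that is not part of the original thread and is not Percussion code: it models the community role filtering as the posters describe it and reports which Draft assignee roles are lost for a given login community. The function names, the community-to-role mappings and the Draft assignee list are constructed assumptions; only admin1's role list comes from the thread.

```python
# Model of the 6.7 role filtering as described in this thread (not Percussion code).
# All mappings below are constructed sample data.

USER_ROLES = {"Admin", "Default", "EI_Admin_Members", "EI_Members",
              "Report_Admin", "Web_Admin"}   # admin1's roles, as listed in the thread
DRAFT_ASSIGNEES = {"Web_Admin"}              # assumed Assignee roles on the Draft state
# Assumed Security Design mappings; Web_Admin on a community is the misconfiguration.
COMMUNITY_ROLES = {
    "Enterprise_Investments": {"EI_Members", "EI_Admin_Members"},
    "Corporate_Investments": {"Web_Admin"},
}

def communities_of(role, community_roles):
    """Communities a role is mapped to in Security Design."""
    return sorted(c for c, roles in community_roles.items() if role in roles)

def effective_roles(user_roles, community_roles, login_community):
    """Roles left after dropping those mapped to other communities.

    Assumption: a role mapped to no community is global, and a mapped role
    survives only when the login community is one of its communities.
    """
    kept = set()
    for role in user_roles:
        mapped = communities_of(role, community_roles)
        if not mapped or login_community in mapped:
            kept.add(role)
    return kept

def audit_create(user_roles, community_roles, draft_assignees, login_community):
    """Can the user create an item, and which assignee roles were filtered out?"""
    candidates = set(user_roles) & set(draft_assignees)
    usable = candidates & effective_roles(user_roles, community_roles, login_community)
    filtered = {r: communities_of(r, community_roles) for r in candidates - usable}
    return {"allowed": bool(usable), "usable": sorted(usable), "filtered_out": filtered}

if __name__ == "__main__":
    for community in COMMUNITY_ROLES:
        print(community, audit_create(USER_ROLES, COMMUNITY_ROLES,
                                      DRAFT_ASSIGNEES, community))
```

A non-empty `filtered_out` entry names the role-to-community mapping to review in Security Design.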

Thank you, great information. I appreciate it. I am presuming since we just added two new sites that the scenario you mention below, of adding a web Admin via the Security Design tab, may be the problem. In an effort to resolve the issue I added the Admin role to each of the workflows, Draft state, via the content manager tab and all appears to function? Is that solution acceptable or will that cause additional problems?

Thanks again.
Mike

It will work but it may end up being confusing and someone may add Admin to a community and you would get the same issue. Web_Admin is separate from Admin so you can assign some users to have full access to the Content items without being able to administer the whole system, e.g. Server Administrator, workbench etc. For Admin users to be able to have full access, the Admin role needs to be Assignee or the users should also be in the Web_Admin role. If you have some users just in the Web_Admin role they will still get filtered out and not be able to access as you would expect. You could add Admin and Web_Admin as you have done if you want but I would still make sure that the security design does not have workflow roles assigned to the communities.

Roger that!

Thanks