Expand my Community achievements bar.

Join us in celebrating the outstanding achievement of our AEM Community Member of the Year!

javax.jcr.AccessDeniedException: OakAccess0000: Access denied

Avatar

Level 3

Hi All,

I am facing below issue while executing workflows, issue is  " javax.jcr.AccessDeniedException: OakAccess0000: Access denied";

Can you please suggest how to resolve this issue?

Exception stack trace:

com.basco.aem.core.workflows.BascoParticipiantStepMailProcess Exception in Basco Participiant Service
javax.jcr.AccessDeniedException: OakAccess0000: Access denied
        at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryExcep                                                                                        tion(CommitFailedException.java:231)
        at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryExcep                                                                                        tion(CommitFailedException.java:212)
        at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryE                                                                                        xception(SessionDelegate.java:665)
        at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDe                                                                                        legate.java:538)
        at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.perform(SessionIm                                                                                        pl.java:417)
        at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.perform(SessionIm                                                                                        pl.java:414)
        at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(Sessio                                                                                        nDelegate.java:293)
        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.perform(SessionImpl                                                                                        .java:127)
        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.ja                                                                                        va:414)
        at sun.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces                                                                                        sorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.sling.jcr.base.SessionProxyHandler$SessionProxyInvocationH                                                                                        andler.invoke(SessionProxyHandler.java:113)
        at com.sun.proxy.$Proxy0.save(Unknown Source)
        at com.basco.aem.core.workflows.BascoParticipiantStepMailProcess.getPart                                                                                        icipant(BascoParticipiantStepMailProcess.java:173)
        at com.day.cq.workflow.compatibility.CQDynamicParticipantExecutor.getPar                                                                                        ticipant(CQDynamicParticipantExecutor.java:91)
        at com.adobe.granite.workflow.core.advance.DynamicParticipantNodeHandler                                                                                        .getParticipant(DynamicParticipantNodeHandler.java:196)
        at com.adobe.granite.workflow.core.advance.ParticipantNodeHandler.doTran                                                                                        sition(ParticipantNodeHandler.java:134)
        at com.adobe.granite.workflow.core.advance.AdvanceUtil.transitionFrom(Ad                                                                                        vanceUtil.java:143)
        at com.adobe.granite.workflow.core.advance.AdvanceUtil.transitionFromSta                                                                                        rtNode(AdvanceUtil.java:184)
        at com.adobe.granite.workflow.core.WorkflowSessionImpl.startWorkflow(Wor                                                                                        kflowSessionImpl.java:1165)

 

Thanks in advance.

Venkatesham

9 Replies

Avatar

Level 9

Hey @Venkatesha,

At first view, it seems that it is a permission issue. However, it would be great if you could explain your case what you are trying to do. Here are a few questions:

  1. Are you running this workflow with non-admin user?. If yes, Did you verify the permissions of that user in different jcr paths (/etc/notifications etc) ?.
  2. What are the steps you have in this workflow?. And Did you apply any ACL at workflow level for any user/group?.

---

Jitendra

To add to Jitendra's question, at which step are you seeing this error ? is it at the beginning or middle of the workflow on a particular step ?

Give as much as info you can so that we can try to solve the same.

Avatar

Level 9

Participant user/group might not have sufficient permissions on this activity.

Please check and also better provide more details of activity/task.

Avatar

Level 3

Thanks to all.

Resolved issue,i gave all permissions same as adminstrator group.

Issue is:

   changed code "resourceresolverfactory.getAdmistrativeResourceResolver(null)-->adminsession" to

                        "final HashMap<String, Object> authInfo = new HashMap<String, Object>();
                         authInfo.put(ResourceResolverFactory.SUBSERVICE, "Workflow-service");
                        resourceResolver = resourceResolverFactory.getServiceResourceResolver(authInfo); "

   so the authinfor of "workflow-service" has not same access as adminsession ,then  configured admistrator group to "Workflow-service.

   It is working fine after change the permissions.

 

Thanks to all.

Avatar

Employee

Venkatesha Gampa wrote...

Thanks to all.

Resolved issue,i gave all permissions same as adminstrator group.

Issue is:

   changed code "resourceresolverfactory.getAdmistrativeResourceResolver(null)-->adminsession" to

                        "final HashMap<String, Object> authInfo = new HashMap<String, Object>();
                         authInfo.put(ResourceResolverFactory.SUBSERVICE, "Workflow-service");
                        resourceResolver = resourceResolverFactory.getServiceResourceResolver(authInfo); "

   so the authinfor of "workflow-service" has not same access as adminsession ,then  configured admistrator group to "Workflow-service.

   It is working fine after change the permissions.

 

Thanks to all.

 

 

Giving the same permissions as the administrator group seems like a workaround, and not the best way to proceed, as admin permissions should be used with care. 

Ideally you would identify exactly what is being updated/accessed and just give sufficient permissions to perform the action/task.

Regards,

Opkar

Avatar

Administrator

Hi 

In Support of Opkar Gills's post, giving administrator group permission is a workaround (for security reasons). We should identify the access type and should provide permission is accordance.

~kautuk Sahni



Kautuk Sahni

Avatar

Former Community Member

"org.apache.jackrabbit.vault.packaging.PackageException: javax.jcr.AccessDeniedException: Access denied."

I'm receiving same error, it install packages; provide permissions according to the manual "work with packages"

 

To grant users the right to create, modify, upload, and install packages, you must give them the appropriate permissions at the following locations:

  • /etc/packages (full rights excluding delete)
  • the node that contains the package content (/content/myProyect and /apps/myProyect)