Adobe Experience Manager Sites & More

pavank8292442 · 1/11/16

what are the basic permission to run workflows b/w multiple participants group. I have 2 group Group A and Group B, Group A gets the notification and want to forward the payload to GroupB, i am getting below issues in the permissions.

1. If GroupA is not admin, then i get Access denied "[10.196.110.41 [1452566728566] POST /bin/workflow/inbox HTTP/1.1] com.adobe.granite.workflow.core.jcr.WorkflowManager Cannot archive workitem: /etc/workflow/instances/server0/2016-01-11/model_8757937839297770/workItems/node6_etc_workflow_instances_server0_2016-01-11_model_8757937839297770
javax.jcr.AccessDeniedException: OakAccess0000: Access denied"

2. If GroupB wants to send back the payload to GroupA i get "com.adobe.granite.workflow.WorkflowException: Cannot add WorkItem to GroupA's inbox"

2 major issues i got stuck in after taking out the admin rights from GroupA and GroupB

If any one came across this issues, please respond.

Thanks in advance!!

edubey · 1/31/16

Take a look at this from documentation, it might help you

workflow-editors

Group

Group that is allowed to create and modify workflow models.

workflow-users

Group

A user participating in a workflow must be member of group workflow-users. This gives him or her full access to: /etc/workflow/instances so that he or she can update the workflow instance.

The group is included in the standard installation, but you must manu

[1]:https://docs.adobe.com/docs/en/cq/5-6-1/workflows/wf-admin.html

[2]:https://docs.adobe.com/docs/en/cq/5-6-1/administering/security.html

smacdonald2008 · 1/31/16

more general information about workflows that is good to know is here - from Workflow Eng team:

Ask the AEM Community Experts from March 2015: AEM Workflow

Jitendra_S_Toma · 1/31/16

Hi,

If I have to guess, the User must have three permissions to execute workflows: READ, MODIFY, CREATE

And, these privileges must be set on following JCR node hierarchies.

READ: /(root), /etc/workflow, /content/<website>, /libs, /libs/cq/workflow
MODIFY: /etc/workflow, /content/<website> (depends on workflow process)
CREATE: /etc/workflow, /content/<website> (depends on workflow process)

Jitendra

pavank8292442 · 2/6/16

Thanks for reply!!

But i am still facing access denied issue, below is the issue i am getting in the log and attached the snapshot of the inbox

Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccess0000: Access denied
   at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.checkPermissions(PermissionValidator.java:242)
   at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.propertyAdded(PermissionValidator.java:112)
   at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.propertyAdded(EditorDiff.java:82)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareProperties(SegmentNodeState.java:592)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:491)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.process(EditorDiff.java:52)
   at org.apache.jackrabbit.oak.security.authorization.permission.MoveAwarePermissionValidator$MoveContext.diff(MoveAwarePermissionValidator.java:158)
   at org.apache.jackrabbit.oak.security.authorization.permission.MoveAwarePermissionValidator$MoveContext.processDelete(MoveAwarePermissionValidator.java:148)
   at org.apache.jackrabbit.oak.security.authorization.permission.MoveAwarePermissionValidator$MoveContext.access$400(MoveAwarePermissionValidator.java:107)
   at org.apache.jackrabbit.oak.security.authorization.permission.MoveAwarePermissionValidator.childNodeDeleted(MoveAwarePermissionValidator.java:99)
   at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
   at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
   at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
   at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
   at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
   at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
   at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
   at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:32)
   at org.apache.jackrabbit.oak.spi.commit.CompositeEditor.childNodeDeleted(CompositeEditor.java:135)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeDeleted(EditorDiff.java:166)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:515)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
   at org.apache.jackrabbit.oak.plugins.segment.MapRecord$2.childNodeChanged(MapRecord.java:403)
   at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:487)
   at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:394)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:583)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
   at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:418)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:583)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:531)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:531)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
   at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:418)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:583)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
   at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:418)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:583)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
   at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:487)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:583)
   at org.apache.jackrabbit.oak.spi.commit.EditorDiff.process(EditorDiff.java:52)
   at org.apache.jackrabbit.oak.spi.commit.EditorHook.processCommit(EditorHook.java:54)
   at org.apache.jackrabbit.oak.spi.commit.CompositeHook.processCommit(CompositeHook.java:61)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStore$Commit.prepare(SegmentNodeStore.java:397)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStore$Commit.optimisticMerge(SegmentNodeStore.java:428)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStore$Commit.execute(SegmentNodeStore.java:484)
   at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStore.merge(SegmentNodeStore.java:162)
   at org.apache.jackrabbit.oak.spi.state.ProxyNodeStore.merge(ProxyNodeStore.java:43)
   at org.apache.jackrabbit.oak.core.MutableRoot.commit(MutableRoot.java:247)
   at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.commit(SessionDelegate.java:313)
   at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:459)
   ... 140 common frames omitted
06.02.2016 11:51:24.039 *ERROR* [10.196.110.15 [1454777483849] GET /libs/cq/workflow/content/inbox/list.json HTTP/1.1] libs.cq.workflow.components.inbox.list.json$jsp Payload not found for work item: /etc/workflow/instances/server0/2016-02-06/model_10968700908038736/workItems/node6_etc_workflow_instances_server0_2016-02-06_model_10968700908038736 (/content/dam/hmi/hmidam/pending/2016-01-02_1306_20160119213843614_O_20160206105039002.png)
06.02.2016 11:51:24.043 *ERROR* [10.196.110.15 [1454777483849] GET /libs/cq/workflow/content/inbox/list.json HTTP/1.1] libs.cq.workflow.components.inbox.list.json$jsp Payload not found for work item: /etc/workflow/instances/server0/2016-02-06/model_10968391650752958/workItems/node6_etc_workflow_instances_server0_2016-02-06_model_10968391650752958 (/content/dam/hmi/hmidam/pending/2015-09-25_1253_20160206104530002.png)

pavank8292442 · 2/6/16

Please find the complete error in the attachment

_SumitSinghal · 11/17/16

Hi,

Could you please let me know if you were able fix this issue and how .

Thanks in advance

Adobe Experience Manager Sites & More

Workflow exceptions

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe