Expand my Community achievements bar.

Workflow exceptions

Avatar

Level 2

what are the basic permission to run workflows b/w multiple participants group. I have 2 group Group A and Group B, Group A gets the notification and want to forward the payload to GroupB, i am getting below issues in the permissions.

1. If GroupA is not admin, then i get Access denied "[10.196.110.41 [1452566728566] POST /bin/workflow/inbox HTTP/1.1] com.adobe.granite.workflow.core.jcr.WorkflowManager Cannot archive workitem: /etc/workflow/instances/server0/2016-01-11/model_8757937839297770/workItems/node6_etc_workflow_instances_server0_2016-01-11_model_8757937839297770
javax.jcr.AccessDeniedException: OakAccess0000: Access denied"

2. If GroupB wants to send back the payload to GroupA i get "com.adobe.granite.workflow.WorkflowException: Cannot add WorkItem to GroupA's inbox"

 

2 major issues i got stuck in after taking out the admin rights from GroupA and GroupB

 

If any one came across this issues, please respond.

 

Thanks in advance!!

6 Replies

Avatar

Level 10

Take a look at this from documentation, it might help you

            
workflow-editorsGroupGroup that is allowed to create and modify workflow models. 
workflow-usersGroup

A user participating in a workflow must be member of group workflow-users. This gives him or her full access to: /etc/workflow/instances so that he or she can update the workflow instance.

The group is included in the standard installation, but you must manu

[1]:https://docs.adobe.com/docs/en/cq/5-6-1/workflows/wf-admin.html

[2]:https://docs.adobe.com/docs/en/cq/5-6-1/administering/security.html

Avatar

Level 10

more general information about workflows that is good to know is here  - from Workflow Eng team: 

Ask the AEM Community Experts from March 2015: AEM Workflow  

Avatar

Level 9

Hi,

If I have to guess, the User must have three permissions to execute workflows:  READ, MODIFY, CREATE

And, these privileges must be set on following JCR node hierarchies.

  • READ:  /(root), /etc/workflow, /content/<website>, /libs, /libs/cq/workflow
  • MODIFY: /etc/workflow, /content/<website> (depends on workflow process)
  • CREATE: /etc/workflow, /content/<website> (depends on workflow process)

Jitendra

Avatar

Level 2

Thanks for reply!!

 

But i am still facing access denied issue, below is the issue i am getting in the log and attached the snapshot of the inbox

 

Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccess0000: Access denied
    at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.checkPermissions(PermissionValidator.java:242)
    at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.propertyAdded(PermissionValidator.java:112)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.propertyAdded(EditorDiff.java:82)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareProperties(SegmentNodeState.java:592)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:491)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.process(EditorDiff.java:52)
    at org.apache.jackrabbit.oak.security.authorization.permission.MoveAwarePermissionValidator$MoveContext.diff(MoveAwarePermissionValidator.java:158)
    at org.apache.jackrabbit.oak.security.authorization.permission.MoveAwarePermissionValidator$MoveContext.processDelete(MoveAwarePermissionValidator.java:148)
    at org.apache.jackrabbit.oak.security.authorization.permission.MoveAwarePermissionValidator$MoveContext.access$400(MoveAwarePermissionValidator.java:107)
    at org.apache.jackrabbit.oak.security.authorization.permission.MoveAwarePermissionValidator.childNodeDeleted(MoveAwarePermissionValidator.java:99)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:123)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeDeleted(VisibleValidator.java:32)
    at org.apache.jackrabbit.oak.spi.commit.CompositeEditor.childNodeDeleted(CompositeEditor.java:135)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeDeleted(EditorDiff.java:166)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:515)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
    at org.apache.jackrabbit.oak.plugins.segment.MapRecord$2.childNodeChanged(MapRecord.java:403)
    at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:487)
    at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:394)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:583)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
    at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:418)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:583)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:531)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:531)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
    at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:418)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:583)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
    at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:418)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:583)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
    at org.apache.jackrabbit.oak.plugins.segment.MapRecord.compare(MapRecord.java:487)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:583)
    at org.apache.jackrabbit.oak.spi.commit.EditorDiff.process(EditorDiff.java:52)
    at org.apache.jackrabbit.oak.spi.commit.EditorHook.processCommit(EditorHook.java:54)
    at org.apache.jackrabbit.oak.spi.commit.CompositeHook.processCommit(CompositeHook.java:61)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStore$Commit.prepare(SegmentNodeStore.java:397)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStore$Commit.optimisticMerge(SegmentNodeStore.java:428)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStore$Commit.execute(SegmentNodeStore.java:484)
    at org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStore.merge(SegmentNodeStore.java:162)
    at org.apache.jackrabbit.oak.spi.state.ProxyNodeStore.merge(ProxyNodeStore.java:43)
    at org.apache.jackrabbit.oak.core.MutableRoot.commit(MutableRoot.java:247)
    at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.commit(SessionDelegate.java:313)
    at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:459)
    ... 140 common frames omitted
06.02.2016 11:51:24.039 *ERROR* [10.196.110.15 [1454777483849] GET /libs/cq/workflow/content/inbox/list.json HTTP/1.1] libs.cq.workflow.components.inbox.list.json$jsp Payload not found for work item: /etc/workflow/instances/server0/2016-02-06/model_10968700908038736/workItems/node6_etc_workflow_instances_server0_2016-02-06_model_10968700908038736 (/content/dam/hmi/hmidam/pending/2016-01-02_1306_20160119213843614_O_20160206105039002.png)
06.02.2016 11:51:24.043 *ERROR* [10.196.110.15 [1454777483849] GET /libs/cq/workflow/content/inbox/list.json HTTP/1.1] libs.cq.workflow.components.inbox.list.json$jsp Payload not found for work item: /etc/workflow/instances/server0/2016-02-06/model_10968391650752958/workItems/node6_etc_workflow_instances_server0_2016-02-06_model_10968391650752958 (/content/dam/hmi/hmidam/pending/2015-09-25_1253_20160206104530002.png)

Avatar

Level 4

Hi,

Could you please let me know if you were able fix this issue and how .

Thanks in advance