9.3 Workflow Security Error

0
I have two roles defined. A teacher role that submits a timecard, and a principal role that approves it. The principal has the workflow task in their inbox. But when they open the inbox they get this error message:

An error has occurred while handling the request. [User 'DanielPrincipal' with session id '93b89a39-XXXX-XXXX-XXXX-XXXXXXXXf841' and roles 'Principal']
--------
com.mendix.webui.WebUIException: Exception while retrieving data for a widget 'TimeCard.TimeCardToApprove.referenceSelector1' on page 'TimeCard.TimeCardToApprove'
    at com.mendix.webui.actions.client.RetrieveAction.$anonfun$apply$3(RetrieveAction.scala:92)
Caused by: com.mendix.core.objectmanagement.SecurityRuntimeException: Read access denied for member 'Name' of object 'Administration.Account'
    at com.mendix.basis.objectmanagement.MendixObjectMemberImpl.checkReadAccess(MendixObjectMemberImpl.java:153)
    at com.mendix.basis.objectmanagement.MendixObjectMemberImpl.getValue(MendixObjectMemberImpl.java:199)
    at com.mendix.webui.jsonserialization.ValueConverter$$anon$2.apply(ValueConverter.scala:39)
    at com.mendix.webui.jsonserialization.ValueConverter$.convertValue(ValueConverter.scala:103)
    at com.mendix.webui.jsonserialization.ValueConverter$.convertChangedMemberValue(ValueConverter.scala:38)
    at com.mendix.webui.jsonserialization.MendixObjectConverter$.convertMemberValue(MendixObjectConverter.scala:89)
    at com.mendix.webui.jsonserialization.MendixObjectConverter$.$anonfun$convertCurrentValues$2(MendixObjectConverter.scala:49)
    at scala.collection.immutable.List.map(List.scala:246)
    at scala.collection.immutable.List.map(List.scala:79)
    at com.mendix.webui.jsonserialization.MendixObjectConverter$.convertCurrentValues(MendixObjectConverter.scala:47)
    at com.mendix.webui.actions.client.RetrieveAction.$anonfun$apply$8(RetrieveAction.scala:75)
    at scala.collection.immutable.List.map(List.scala:246)
    at scala.collection.immutable.List.map(List.scala:79)
    at com.mendix.webui.actions.client.RetrieveAction.$anonfun$apply$3(RetrieveAction.scala:74)
    at scala.util.Either.map(Either.scala:382)
    at com.mendix.webui.actions.client.RetrieveAction.apply(RetrieveAction.scala:46)
    at com.mendix.webui.actions.client.RetrieveAction.apply(RetrieveAction.scala:29)
    at com.mendix.webui.actions.client.RegularClientAction$Helpers$.$anonfun$liftEither$1(RegularClientAction.scala:29)
    at com.mendix.webui.actions.client.RegularClientAction$Helpers$StateHandler.$anonfun$apply$4(RegularClientAction.scala:55)
    at com.mendix.webui.requesthandling.helpers.StateHandling.withState(StateHandling.scala:39)
    at com.mendix.webui.requesthandling.helpers.StateHandling.withState$(StateHandling.scala:36)
    at com.mendix.webui.actions.client.RegularClientAction$Helpers$StateHandler.withState(RegularClientAction.scala:45)
    at com.mendix.webui.actions.client.RegularClientAction$Helpers$StateHandler.apply(RegularClientAction.scala:53)
    at com.mendix.webui.actions.client.RegularClientAction$Helpers$StateHandler.apply(RegularClientAction.scala:45)
    at com.mendix.webui.actions.client.RegularClientAction.$anonfun$execute$3(RegularClientAction.scala:109)
    at scala.util.Try$.apply(Try.scala:210)
    at com.mendix.webui.actions.client.RegularClientAction.$anonfun$execute$2(RegularClientAction.scala:109)
    at com.mendix.webui.actions.client.RegularClientAction.$anonfun$execute$2$adapted(RegularClientAction.scala:107)
    at com.mendix.webui.requesthandling.helpers.ContextHandling.$anonfun$inContext$5(ContextHandling.scala:51)
    at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.scala:18)
    at com.mendix.basis.actionmanagement.ActionMonitoring$.$anonfun$monitor$1(ActionMonitoring.scala:50)
    at com.mendix.util.classloading.Runner.withContextClassLoader(Runner.java:19)
    at com.mendix.basis.actionmanagement.ActionMonitoring$.monitor(ActionMonitoring.scala:50)
    at com.mendix.webui.requesthandling.helpers.ContextHandling.inContext(ContextHandling.scala:51)
    at com.mendix.webui.requesthandling.helpers.ContextHandling.inContext$(ContextHandling.scala:26)
    at com.mendix.webui.actions.client.RegularClientAction.inContext(RegularClientAction.scala:86)
    at com.mendix.webui.requesthandling.helpers.ContextHandling.inContext(ContextHandling.scala:23)
    at com.mendix.webui.requesthandling.helpers.ContextHandling.inContext$(ContextHandling.scala:18)
    at com.mendix.webui.actions.client.RegularClientAction.inContext(RegularClientAction.scala:86)
    at com.mendix.webui.actions.client.RegularClientAction.$anonfun$execute$1(RegularClientAction.scala:107)
    at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.scala:18)
    at com.mendix.webui.requesthandling.helpers.ProfileHandling.profileRequest(ProfileHandling.scala:14)
    at com.mendix.webui.requesthandling.helpers.ProfileHandling.profileRequest$(ProfileHandling.scala:10)
    at com.mendix.webui.actions.client.RegularClientAction.profileRequest(RegularClientAction.scala:86)
    at com.mendix.webui.actions.client.RegularClientAction.execute(RegularClientAction.scala:104)
    at com.mendix.webui.requesthandling.ClientRequestHandler.handleAction(ClientRequestHandler.scala:106)
    at com.mendix.webui.requesthandling.ClientRequestHandler.processRequest(ClientRequestHandler.scala:79)
    at com.mendix.externalinterface.connector.RequestHandler.doProcessRequest(RequestHandler.java:35)
    at com.mendix.external.connector.MxRuntimeConnector.lambda$processRequest$0(MxRuntimeConnector.java:74)
    at com.mendix.util.classloading.Runner.withContextClassLoader(Runner.java:19)
    at com.mendix.external.connector.MxRuntimeConnector.processRequest(MxRuntimeConnector.java:73)
    at com.mendix.basis.impl.MxRuntimeImplBase.processRequest(MxRuntimeImplBase.java:823)
    at com.mendix.m2ee.appcontainer.server.handler.RuntimeServlet.service(RuntimeServlet.scala:25)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
    at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626)
    at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:228)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.Server.handle(Server.java:516)
    at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
    at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:383)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:882)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1036)
    at java.base/java.lang.Thread.run(Thread.java:834)

But they do have Read access to System.User.Name:

Here is the app security:

This is the page parameter:
asked
2 answers
1

Hi Daniel,

In your first screenshot, you can see that the user role does indeed have read access to the “User.Name” attribute, but if you look closely, you can see that the XPath constraint on the access rule limits the rows on which a user has this permission to only the user’s own record: “[id = '[%currentUser%]']”

Instead, you should show some attribute value from the “Account” entity, where you can control the entity access rules.

answered
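The behaviour described in the answer above, as an added example that is not part of the original thread and not Mendix runtime code: a simplified Python model of an access rule whose member permission applies only to rows matching its constraint. The sample accounts, the `FullName` attribute and the all-rows rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Simplified model of row-constrained entity access; not the Mendix runtime.
@dataclass(frozen=True)
class AccessRule:
    role: str
    readable: frozenset                      # members the rule lets the role read
    row_filter: Callable[[dict, int], bool]  # stands in for the XPath constraint

class ReadAccessDenied(Exception):
    pass

def read_member(rules, role, current_user_id, obj, member):
    """Return obj[member] if one rule for `role` covers both the row and the member."""
    for rule in rules:
        if (rule.role == role and member in rule.readable
                and rule.row_filter(obj, current_user_id)):
            return obj[member]
    raise ReadAccessDenied(
        f"Read access denied for member '{member}' of object id {obj['id']}")

# Constructed sample rows (names other than DanielPrincipal are invented).
TEACHER = {"id": 1, "Name": "TinaTeacher", "FullName": "Tina Teacher"}
PRINCIPAL = {"id": 2, "Name": "DanielPrincipal", "FullName": "Daniel Principal"}

# Rule as the answer describes it: Name is readable, but only on the
# row selected by [id = '[%currentUser%]'].
OWN_ROW_ONLY = [
    AccessRule("Principal", frozenset({"Name"}), lambda o, uid: o["id"] == uid),
]

# Assumed fix in the spirit of the answer: leave the own-row rule alone and
# expose one display attribute (hypothetical FullName) on all rows instead.
WITH_ACCOUNT_RULE = OWN_ROW_ONLY + [
    AccessRule("Principal", frozenset({"FullName"}), lambda o, uid: True),
]

def can_read(rules, obj, member, role="Principal", uid=2):
    """True if the principal (id 2 by default) may read `member` of `obj`."""
    try:
        read_member(rules, role, uid, obj, member)
        return True
    except ReadAccessDenied:
        return False
```

With the own-row rule alone, the principal can read their own `Name` but not the teacher's, which is the row the reference selector has to display; the added rule makes the display attribute readable without widening access to `Name`.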
0

In the module role of your app

Can you please check whether the user is allowed access to TimeCard.TimeCardToApprove at the entity level?

answered