We have a user that continues to get this error message on basic screens. The person is a system Admin, has maximum rights and permissions in IFS, (head of IT), and has similar permissions to other users that don’t get this message. We are unable to figure out what is causing this.
Any help would be appreciated
Page 1 / 1
Hi @mess1153 , This is one method we can try out quickly, open the debug console, then generate the error. In the debug console you will find a red color line with the error.
It will show either a query or a statement which is trying to get executed. Find that database object in the debug console (could be a view), then search it in the ‘New permission sets’ window → ‘database object’ tab and grant access to it via either an existing permission set, or create a new one. If you create a new permission set, remember to assign it to the user via the ‘create user’ window as well.
Hope this will be helpful.
The simple answer is that they likely don’t have the permissions that are thought to have been applied, or that the Security Cache needs to be refreshed and then they need to log off/on again.
You can use the debug console to find out exactly what presentation object and/or database object is throwing the error, and if that is really granted to a permission set that the user has been given, then they either haven’t logged off/on since being assigned it or the cache refresh is needed. If they don’t have it granted in any of their permission sets then that’s yours answer.
In some cases it could potentially come from a lack of Business Roles being set up for their user, but if it is happening on a lot of unrelated screens then it still points to the assigned security not being what you think it is.
Nick
Hi @mess1153 , This is one method we can try out quickly, open the debug console, then generate the error. In the debug console you will find a red color line with the error.
It will show either a query or a statement which is trying to get executed. Find that database object in the debug console (could be a view), then search it in the ‘New permission sets’ window → ‘database object’ tab and grant access to it via either an existing permission set, or create a new one. If you create a new permission set, remember to assign it to the user via the ‘create user’ window as well.
Hope this will be helpful.
Will give this a shot, thanks!
The simple answer is that they likely don’t have the permissions that are thought to have been applied, or that the Security Cache needs to be refreshed and then they need to log off/on again.
You can use the debug console to find out exactly what presentation object and/or database object is throwing the error, and if that is really granted to a permission set that the user has been given, then they either haven’t logged off/on since being assigned it or the cache refresh is needed. If they don’t have it granted in any of their permission sets then that’s yours answer.
In some cases it could potentially come from a lack of Business Roles being set up for their user, but if it is happening on a lot of unrelated screens then it still points to the assigned security not being what you think it is.
Nick
He actually has the same permissions as I do, and I have no issues. We have tried clearing the cache and that hasn’t fixed it. The only time I got it to work was to take all of the permissions away and then regrant. It worked for about a week.
> He actually has the same permissions as I do, and I have no issues. We have tried clearing the cache and that hasn’t fixed it. The only time I got it to work was to take all of the permissions away and then regrant. It worked for about a week.
This doesn’t make sense. You either have access to Oracle database objects, or you do not. The control is handled by grants inside the database, on the object themselves, to the permission sets. Unless the other user is somehow connecting to a different database in error, if you both have the exact same permission sets granted (nothing more, nothing less), then you must both have the exact same permissions. You may have different Business Roles or even Company/Site combinations, but the permissions to the database objects must by necessity be identical.
The only other thing that could come in to play is if you have been explicitly granted access to database objects outside of the permission set structure (i.e. someone performed a GRANT inside the database), but even then it wouldn’t explain why - as you noted above - it worked for about a week then stopped working again
Nick
> He actually has the same permissions as I do, and I have no issues. We have tried clearing the cache and that hasn’t fixed it. The only time I got it to work was to take all of the permissions away and then regrant. It worked for about a week.
This doesn’t make sense. You either have access to Oracle database objects, or you do not. The control is handled by grants inside the database, on the object themselves, to the permission sets. Unless the other user is somehow connecting to a different database in error, if you both have the exact same permission sets granted (nothing more, nothing less), then you must both have the exact same permissions. You may have different Business Roles or even Company/Site combinations, but the permissions to the database objects must by necessity be identical.
The only other thing that could come in to play is if you have been explicitly granted access to database objects outside of the permission set structure (i.e. someone performed a GRANT inside the database), but even then it wouldn’t explain why - as you noted above - it worked for about a week then stopped working again
Nick
Exactly, that’s why we are scratching our heads. Also to point out, our permissions are not EXACT, but there is another screen this started on and we both have the permission set that the presentation and database object is grant.
Here is the object granted to the permission
Here are his permission sets, the highlighted one matches the above
Here is his error on that page
If you put the debug on, you’d be able to tell what query was executing that failed. You might even be able to tell by looking for a filter in the address bar. Both of you having similar permission sets doesn’t really ensure that you’ll be able to access the same screens.
If you put the debug on, you’d be able to tell what query was executing that failed. You might even be able to tell by looking for a filter in the address bar. Both of you having similar permission sets doesn’t really ensure that you’ll be able to access the same screens.
We ran the debug and it’s the query we were expecting to see. He is granted access to this query.
Did you get a red highlighted line when you produced the error with the debug on?
I’d try to set up another test user with the exact same permission set config as the problematic user. My expectation is that it will have the same issue.
Since you do not have the same setup as the problem user it isn’t correct to say they are the same, and since the example you show here is a custom object/screen it may be that something it uses is controlled for the other user but not you, e.g. if it pulls data from a view or uses a function that the user does not have access to
Did you get a red highlighted line when you produced the error with the debug on?
Here is what the debugger returned
select CUSTOMER_ID, &AO.CUSTOMER_INFO_API.Get_Name(CUSTOMER_ID), &AO.CUSTOMER_INFO_API.Get_Customer_Category(CUSTOMER_ID), CUSTOMER_ADDRESS, ROLE, DEPARTMENT, MANAGER, CONNECT_ALL_CUST_ADDR_DB, BLOCKED_FOR_CRM_OBJECTS_DB from &AO.CONTACT_CUSTOMER_INFO where PERSON_ID = :p0
Images
Does it show that the user is a valid person? You’d get a value for the :p0 parameter in the debug if they are.
Does it show that the user is a valid person? You’d get a value for the :p0 parameter in the debug if they are.
Yes, the user is a valid person. What’s odd is that when he populates that screen it starts with the customer ID query, when I do it starts with this query
That may have to do with the protected persons functionality which I’m not too familiar with.
You can also check to see if there’s a filter on a permission set that the user is granted that is holding an odd person_id and applying it to various screens that the user is visiting.
That may have to do with the protected persons functionality which I’m not too familiar with.
You can also check to see if there’s a filter on a permission set that the user is granted that is holding an odd person_id and applying it to various screens that the user is visiting.
We don’t have any protected persons, so I don’t think that’s it anyway. This user has full permissions and admin rights. Not sure what could be causing this.
I double checked and his does start with the same as mine. The error doesn’t trigger until the customer id query
OK, so I changed nothing, just refreshed some DB objects and now it works on both screens. Not sure what did it, thanks for all of the reponses!
> just refreshed some DB objects and now it works on both screens.
Did that include refreshing the Security Cache that I mentioned yesterday? ;) Either way, good news that it is working now!
> just refreshed some DB objects and now it works on both screens.
Did that include refreshing the Security Cache that I mentioned yesterday? ;) Either way, good news that it is working now!
It did, however that was short lived. He is getting the error again