Question

When some specific user performs some operation in Business Automation there is an exception:

No access rights granted to method

How is it possible to determine which privilege is missing from the user's role?

Answer

Check WWW.log (www.log in BA <6.0) while receiving the error. Find the exception, like:

[14-04-05 09:30:37.913 RO_0:2082   RQ79200 TRC]      +++[5] DataPacket* RemoteObject::Call(const std::string&, DataPacket&, int)((RO_0:2082) method = IsFullyRegistred BM_Container::BM_Object, tmout = 86
400, user = 1007028, transaction = 78305, SID = 14513, lang = en, HP)
[14-04-05 09:30:37.915 RO_0:2082   RQ79200 TRC]      ...[5] *** INTERRUPTED BY EXCEPTION *** DataPacket* RemoteObject::Call(const std::string&, DataPacket&, int)
[14-04-05 09:30:37.915 RO_0:2082   RQ79200 TRC] (RO_0:2082) <98:0:2082> disconnected.
...
[14-04-05 09:30:37.915 UIWorker    RQ79200 ERR]         RequestError:System Error
No access rights granted to method

Check the log where the failed method was executed. In the above example, it was the IsFullyRegistred method in BM_Container. There should be the following error in generic_worker.log (or in BA<6.0 BM.log):

[14-04-05 09:30:37.914 Worker1.195 RQ79200 ERR] Method BM_Container::Worker1.195.IsFullyRegistred is forbidden for user 1007028

Find the method in the *.methods.list file of the corresponding container. In our example, it is ~bm/conf/BM.methods.list:

[root@bm ~]# grep IsFullyRegistred ~bm/conf/BM.methods.list
BM Account IsFullyRegistred ACCOUNTS_VIEW_DET
BM Account IsFullyRegistred CUST_MAKE_PURCHASES

You will see the privileges that allow the method to be executed. In this example, user 1007028 does not have the ACCOUNTS_VIEW_DET or the CUST_MAKE_PURCHASES privilege.

Generally, resolving the issue means assigning the missing privileges to the user. However, do not blindly assign the privileges. Check which were supposed to be assigned, and why they were not, as this may be a symptom of a bug or a misconfiguration. Additional note, sometimes BA restart is required to update the role (https://kb.cloudblue.com/en/128840).

Internal content