Error processing your request: The operation was rejected because of access control policies.

  • Question

  • I am unable to add any staff to the security group. It pops up the below-mentioned error:

    Error processing your request: The operation was rejected because of access control policies.

    Reason: The server workflow rejected the operation.

    Correlation Id: 6ebb20f7-9807-4db8-a412-8a80cc1fa829

    Request Id: 6d05799f-3c92-410c-88c1-accb8f0d64a5

    Details: The Workflow Instance 'fbcef8fb-4524-4deb-9af3-c03ca7a7b93e' encountered an internal error during processing. Contact your system administrator for more information.

    Thursday, May 7, 2015 2:46 AM

All replies

  • You need to make sure that the user running this process has rights to both the group and user. If you look at the requests, there should be a failed one and that will also have a reference to the MPR that is failing, or simply would say "No MPR grants access"


    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Nosh Mernacaj Tuesday, May 12, 2015 1:14 PM
    Thursday, May 7, 2015 1:34 PM
  • The request status is Denied, but it is not in failed status and I am unable to track which MPR is failing. Do you have any solution for this?
    Monday, May 11, 2015 8:20 AM
  • Well, denied is the same as failure.

    This means there is no MPR to grant such access.

    So you need to check and make sure (if not there, create):

    1. Edit (Existing one) or Create a new MPR that grants read access to Staff (select all attributes)

    2. Edit (Existing one) or Create a new MPR that grants modify access to Security Group Object (select all attributes)

    If you are unsure how this works, please let me know.


    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Nosh Mernacaj Tuesday, May 12, 2015 1:14 PM
    Monday, May 11, 2015 1:08 PM
  • Thanks for the reply.

    I have checked all the MPRs that trigger while adding a staff member to the group. They have relevant access to add to the group. Could you please help me, as I am new to FIM, and assist me in creating a new MPR so that this error disappears?

    Thanks.

    Tuesday, May 12, 2015 10:49 AM
  • If you are so new to FIM you don't know how to create a new MPR you should really read the relevant FIM documentation before asking this group for help.

    https://technet.microsoft.com/en-us/library/ee534905(v=ws.10).aspx

    Regards,

    Dave

    Tuesday, May 12, 2015 11:05 AM
  • As David said, this is not the place to learn the basics.

    David used to teach FIM courses (some very good ones); not sure if he still does, but he can point you in the right direction.

    It is also not a good idea to base your decision making on forum opinions, such as mine, but if you need to know more about MPRs, please read here: https://technet.microsoft.com/en-us/library/ee534902(v=ws.10).aspx. MPR stands for Management Policy Rule.

    Most of the MPRs you need are there already; you just need to enable them, as described in this article.


    Nosh Mernacaj, Identity Management Specialist

    Tuesday, May 12, 2015 12:56 PM