none
How to configure 'Join a Group' in Portal? RRS feed

  • Question

  • Hi,

    Just trying to verify why my users cannot request to join a group via the Portal. Users can see the Security Groups in the Portal, and when they select a Group & click Join & submit, Access is denied with the following error:

    Error processing your request: The operation was rejected because of access control policies.
    Reason: The operation failed as a result of insufficient access rights.
    Attributes: ExplicitMember
    Correlation Id: xxxxxxxxx-39cf-xxxx-8794-xxxxxxxxxxxx
    Request Id: 
    Details: No policy grants the Requestor permission to complete all changes.

    1. Firstly, must the Group join restriction be 'Owner approval required'?
    2. The default 'Group management workflow: Owner approval on add member' MPR is enabled, do we need more MPRs?

    Search requests list this MPR as the problem: "Group management workflow: Owner approval on add member"

    "Group management workflow: Owner approval on add member" is configured as follows:

    - Requestors: All active People (my requesting user is in the group)

    - Operation: add a value to a multivalued attribute

    - Target Before/After: Owner Approved Groups (my test group is in there)

    - Attributes: Manually-managed Membership

    What other MPRs must be running for this to work?

    Thanks,

    SK


    • Edited by Shim Kwan Wednesday, October 1, 2014 2:16 AM
    Wednesday, October 1, 2014 2:16 AM

Answers

  • The event log should give you more information on the exact attributes which user's don't have permissions to write to - I'd suggest looking at that then making an MPR to grant permission to those attributes.

    I can't remember off the top of my head if any MPR needs to be explicitly enabled to support this, but in either case you should be able to create an MPR to provide access to attributes.

    • Marked as answer by Shim Kwan Thursday, October 2, 2014 3:34 AM
    Wednesday, October 1, 2014 8:32 AM
  • No worries, remember that out of the box a bunch of MPRs are disabled, but as long as you understand the concept and idea behind MPRs you can either enable the out of the box ones or just make your own ones

    PS: If my answer helped please mark the thread as answered :)

    • Marked as answer by Shim Kwan Thursday, October 2, 2014 3:34 AM
    Wednesday, October 1, 2014 9:37 PM

All replies

  • The event log should give you more information on the exact attributes which user's don't have permissions to write to - I'd suggest looking at that then making an MPR to grant permission to those attributes.

    I can't remember off the top of my head if any MPR needs to be explicitly enabled to support this, but in either case you should be able to create an MPR to provide access to attributes.

    • Marked as answer by Shim Kwan Thursday, October 2, 2014 3:34 AM
    Wednesday, October 1, 2014 8:32 AM
  • Thanks, I had to enable the 'Grants Permission' checkbox in the "Group management workflow: Owner approval on add member" MPR to get this to work.

    Also, if the same user then wanted to remove themselves from the group, I had to enable the 'Grants Permission' checkbox in the "Group management workflow: Validate requestor on remove member" MPR

    thx KMittal82

    Wednesday, October 1, 2014 8:09 PM
  • No worries, remember that out of the box a bunch of MPRs are disabled, but as long as you understand the concept and idea behind MPRs you can either enable the out of the box ones or just make your own ones

    PS: If my answer helped please mark the thread as answered :)

    • Marked as answer by Shim Kwan Thursday, October 2, 2014 3:34 AM
    Wednesday, October 1, 2014 9:37 PM