Tweaking roles
We are having a change of staff this week. So we thought it appropriate to re-assess the roles and authorities which we quickly set up a couple of years ago. We have reset the base role to that described in the default roles.xml for 1.8. We have also set up a logistics role as described by TimG in various posts. We have created a new role of manager for higher level tasks.
When trying to save a customer cheque payment with the base role which has the authorities Customer Payments create and save (act.customerAccountPayment*), we got the following error message:
Failed to execute the business rules for URI archetypeService.save.act.customerAccountPayment.after.
When trying to save the same payment with another user with the manager role which has authorities Customer All Acts create, save and remove (act.customer*), the same error occurs.
The payment does work with a user with an administrator role which has authorities to create, save and remove All.
We did not expect this behaviour. Could someone explain what we have done wrong?
Mary
Re: Tweaking roles
Can you send your openvpms-full.log located in <TOMCAT_HOME>/logs to tanderson at openvpms.org ? I can take a look at it later today.
-Tim
Re: Tweaking roles
Problem solved, the answer is in the logs.
08 Jan 2017 19:52:04,131 WARN ArchetypeAwareVoter,http-bio-8080-exec-58:147 - marys - Access denied to principal=User[id=2,archetypeId=security.user.1.0,linkId=c9d66fb8-057a-11e4-9e60-97b9202cf822,version=10,name=Mary Slater], operation=archetypeService.save, archetype=act.tillBalance
08 Jan 2017 19:52:05,709 ERROR AbstractIMObjectSaveListener,http-bio-8080-exec-58:117 - marys - Failed to execute the business rules for URI archetypeService.save.act.customerAccountPayment.after.
It seems that the Till Balance authorities were the culprits. After creating these and selecting for Base Role, such a user can now enter payments.
Thanks again for your help Tim
Simon Slater
Registered Linux User #463789 @ http://linuxcounter.net