We need to update a process builder.
To do the same, we cloned the existing process builder.
The process builder has a criteria on Application Status(API name: hed__Application_Status__c) field.
When I click on that criteria, get the below message:
My user profile is System Administrator. The System Administrator has access to all fields of Application:
When I try to find the field in the object in process builder, not able to find the same:
What am I missing here?
FLS was not there for System Administrator for Application Status field.
After adding that, I am not seeing the error.
Related
In my site the guest users have access to the flow and they able to run the flow and even create records. When the flow try to find the created record the next error accrue:
Because Get_Record is passed to an action, subflow, or Lightning component, store the values of all Request_for_ChemTox__c fields that the running user has access to.
I gave access to every field for that user and still keep getting this error.
Any ideas?
It's probably not field level security (~table columns) but whole record's security (~table rows).
Check your site/community/experience settings as described in this article: https://help.salesforce.com/s/articleView?id=000352970&type=1. If there's something set - the ownership of created record is immediately transferred over to that internal user and guest loses visibility. It sucks but it's there to protect you, makes sure that if you have for example Leads or Cases submitted by guest users - they immediately "disappear", guest/hacker can't report on them, experiment with IDs in the url to learn other people's data...
You can Check Setup -> Sharing Settings for this object and create new sharing rule. (I can't upload image right now but start making new sharing rule with step 2 "rule type = Guest user access, based on criteria")
https://help.salesforce.com/s/articleView?id=sf.networks_guest_record_default_owner_best_practices.htm&type=5 has some good tips too:
If you’d like to create a different experience for guest users, use
flows in System Mode to redirect guest users to a different custom
screen after they create a record
Need a Process builder access for the Non-admin user in Salesforce Org.
Here I have following permissions based on my profile/user,
Flow User Enabled - User Record
Manage Flow Permission enabled - System permission(Profile).
And having a View All permission for all objects - Object Settings (Profile).
So I don't know where I am missing anything more for access process builder.
Where
currently if I check process builder via quick find i am not able to
see the option (link for process builder).
Helps appreciated. Thanks in advance.
The system permission "View All Data" is separate from the object-level "View All" permission, and is not the same as having "View All" on each object.
As documented in Create a Process, the permissions required are
To create, edit, or view processes: Manage Flow AND View All Data
You will need to add the View All Data system permission. Be aware that this bypasses large sections of the Salesforce security architecture.
I should note, this user had existed in the past, left, and then came back to be reactivated.
I inherited this Redmine system in the interim, so I don't know all of tis details (read: quirks)
===
When attempting to create the user name.last#student.email.edu, Redmine fails the user add saying The email is already in use.
However a search of Redmine users shows no such user, and can find no such email.
When searching in Redmine for both MY username and my email - both come up, so I think I'm doing the search correctly.
Redmine users are validated against an Samba Active Directory domain (not locally).
The user account seems to be fine in Samba Active Directory.
One user can have multiple e-mail addresses, best way to resolve that situation is to either seek for that user via ruby console or with some SQL database query tool.
Console approach:
To activate ruby console, just on your Redmine server, navigate via terminal or cmd on windows to Redmine install folder and type rails console, you might need to add RAILS_ENV=production if required.
EmailAddress.find_by(address: "my#address.com")
Replace my#address.com with address you are looking for, or
That would return result like:
#<EmailAddress id: 3, user_id: 1, address: "my#address.com"...
Than in following query, you can get exact user id, by using user_id from previous query:
User.find_by(id:id_from_previous_query)
Just replace id_from_previous_query, with proper id, retruned in previous query.
Database approach:
E-mail addresses are located in email_addresses database table.
Below is sql code that you can run if you installed Redmine with MySql/MariaDb,
just replace %search% with email or part of email that you are searching for
select login,firstname,lastname,address from users left join email_addresses on users.id=email_addresses.user_id where email_addresses.address like '%search%'
I have also created feature proposal, based upon your inquiry here: https://www.redmine.org/issues/31043
I have a PerformancePoint dashboard running in MOSS 2007 portal. The dashboard consists of one SSRS 2005 report, running in SharePoint Integrated mode.
NT Authority\Authenticated Users have read permissions to the report library containing the SSRS report, the dashboard, and the report library containing the dashboard.
Users that attempt to access the dashboard receive the following error message:
The permissions granted to user
'DOMAIN\firstname.lastname' are
insufficient for performing this
operation. (rsAccessDenied)
Users that then click on the direct link to the report in MOSS will see the report with no problem. Subsequent visits to the dashboard show the report with no problem.
The report is using a data source that is located one folder up from the report location. The report has been updated to point to the correct shared data source after deployment. Both the report and the data source have been published. The data source is using stored credentials, with a domain service account that has been set to Use as Windows credentials. This service account is serving other reports in other areas with no problem.
Edit:
Ok, I've gotten a lot more information on this problem. The request is never actually being made to the data source. The user comes in to the dashboard and requests a report for the first time using their kerberos token identifying themselves. The report looks in the Report Server database and finds that they are not listed in the users table and generates this rsAccessDenied error. Once they view the report directly their name is in this table and they never have the problem again.
Unfortunately, removing the user from the Users table in the RS database doesn't actually cause this error to happen again.
Everything I've read says that when you run a Report Server in MOSS integrated mode all your permissions are handled at the MOSS report library level, and all Auth users have permissions to the report library, as stated earlier. Any ideas?
It sounds like the dashboard page is not passing credentials to the report server. Because you stated if the user hits the report directly it works and then if they go through the dashboard it works. So does it stop working after a certain period, indicating a cached session?
I would look carefully at the properties on the dashboard in performance point to see if it is passing credentials or trying to use anonymous. I hope this isn't a case of double hop and Kerberos :(
I'm not sure if this is actually the same issue, but you could double check that the data sources are set to "Approved", not "Pending". It's a stretch, but it's worth a shot.
I implemented a work-around:
created a fake report
on the page with my report, created a content editor web part consisting of the following:
<iframe style="display:none;" src="https://link/to/my/report.rdl"></iframe>
I tested with another user that was experiencing the error, and they are no longer experiencing the error with my new and improved page.
I know this is a kludgy, and might even be dependent on the loading order of the page. Therefore, I would really like to find out what's causing this issue so I can fix it for good.
Edit:
I don't want to accept my own answer, since it's just a work-around. If anyone can post anything relevant to the user name placed into the Report Server DB and how that relates to SharePoint Integrated mode, you'll get the bounty.
So I have a setup where clearcase and clearquest are integrated.
I.E. if I check in a file in clearcase clearquest will popup asking for a change request number.
Here's the deal, I don't have to "login" every time I start a new clearexplorer.
I have some other tools I have been writing that I would like to take advantage of that capability but I don't know where to start. Basically I want my tool to check the same place clearcase checks to see that I'm a valid user and create my object based on those credentials.
From the looks of things the ALDB server might have something to do with it but I don't know how to interact with it.
Anyone have any ideas on it?
UPDATE:
I guess What I mean is I don't have to login to Clearquest every time I open a new clearcase and check in files. That's what I'm really looking for. using the existing clearquest "authentication" object (If that's what its even called)
Update 2:
Based on Information I found here:
http://publib.boulder.ibm.com/infocenter/cqhelp/v7r0m0/index.jsp?topic=/com.ibm.rational.clearquest.apiref.doc/c_perf_user_admin.htm
You can use this method to obtain the Session object associated with the current user. See the description of the Session object for more information on how to use this object.
I look at Session Object and it doesn't seem to mention about how to use this object as it states.
Update #3
This has been a long time, but it's come up again, I think what I'm really looking to do is build something that shares the Session object since logging in takes quite a while my plan is to login once using a background process, and then I can query that running process for the object when I try to login with a second program, if it works all goes well and continues, if it doesn't then it will require a manual login, (or could spawn the process that logs in, and waits for a response).
If/When I make this I'll post some details on steps I took.
It is true the albd service (Atria Location Broker Daemon) requires a Windows account to function. But not yours. See Updating the Windows ClearCase ALBD Password.
The last one, the ALBD service, requires a Windows user account with ClearCase privileges to function properly.
In the definition of this service, during ClearCase installation, the ClearCase administrator must specify the name of this privileged account, the password, the Windows domain, and the Windows group for this account.
Any ClearCase-related operation will based the user identification on the
credmap informations (if you are with Windows clients and Unix server)
credmap registryServer
or the creds.exe informations
The clearcase objects (like a new version created after a checkin) will get those credentials.