A user with profile "user" can not perform any actions

Hello,

I seem to have a strange bug in Bonita. I have installed 2 Bonita instances (dev and qa) with the same configs. I created a "dummyUser" on both systems with the profil "user". On QA i can login with the "dummyUser" and i can perfom the following action

http://bonita.dev.someCompany.com/bonita/API/bpm/process?f=name=aProcess&f=version=3.1.18 

and i get a result.

On Dev instance with the same user created I get 

"Access to bonita.qa.someCompany.com was denied

You don't have authorisation to view this page.

HTTP ERROR 403"

To the best of my knowledge I have compared everything so far and found no difference. Is there a possibility to change the rights of the profile "user"? Or does anyone have an idea what this could be due to?

 

According to the documentation, a user with the profile "user" should be able to start or view at least one process. See Default Profils https://documentation.bonitasoft.com/bonita/7.8/profiles-overview

 

We are using Bonita Version 7.7.3

Hi Fabian,

It looks you are missing some configuration. 

Are you able to log in and access the portal? and see process list?

Cheers

Fabian,

You can add images here - https://imgur.com/ - , and then post the link

I just tested in my own and works as expected. Can you plase add some images, so we can see what is going on?

Thanks

Hey Pablo,

thanks for your reply.

And yes we can log in with the user and access the portal. But it looks like the user is not seeing anything.

I would provide an picture but i don't have a clue how to upload it here. 

Also when I'm logged in with the newly created user and open the network tab in chrome I'll get an 403 on this request 

--> http://bonita.dev.cloud.someCompany.com/bonita/API/bpm/process?c=0&p=0

 

The strange thing is that we have the same configurations on both separated systems.

Do you have any idea which configuration we are missing?


While i created the Question the forum added this questions two times --> https://community.bonitasoft.com/questions-and-answers/user-profile-user-can-not-perform-any-actions for more information :)

 

Thanks

 

Thanks :) 

So this should be a screenshot of the "newDummyUser" logged in while in the portal under processes.

<blockquote class="imgur-embed-pub" lang="en" data-id="a/dS3S795"><a href="//imgur.com/a/dS3S795">Bonita processes</a></blockquote><script async src="//s.imgur.com/min/embed.js" charset="utf-8"></script>

Everthing else is also empty. If I log in with my admin user i see processes and task etc.

Does your newDummyUser belongs to an Actor? portal side is normal that you do not see anything, as the user is not part of initiator actor.

Can you try to do this call setting newDummyUser id (you can get it calling /API/system/session/1)
../API/bpm/process?p=0&c=10&f=activationState=ENABLED&f=user_id=<USER_ID>

So i called the following with postman

http://bonita.dev.cloud.someCompany.com/bonita/API/bpm/process?p=0&c=10&f=activationState=ENABLED&f=user_id=604

and got an empty array and 200 status code. Is that right?

Yes, as far as you do not have processes you can start.

Can you set this user as part of an actor?

As an Admin, go to process, choose one, go to actor and find the initiator actor (name will depend ) and set this user in,

Logout and login with newDummyUser and if you re run the call you should see this new process

 

Ok done.

So now I get the following response --> 
 

[

    {

        "displayDescription": "",

        "deploymentDate": "2020-04-03 08:31:23.909",

        "displayName": "ProcessName",

        "name": "ProcessName",

        "description": "",

        "deployedBy": "30",

        "id": "7374670243020959278",

        "activationState": "ENABLED",

        "version": "4.2.1",

        "configurationState": "RESOLVED",

        "last_update_date": "2020-04-03 08:31:28.523",

        "actorinitiatorid": "624"

    }

]

 

Hm that seems to work. So now the user should also be able to start a new task?

I gave the newDummyUser all Actors that are available (don't know the initiator actor) but I know that these actors do not have any admin rights.

This mean that every new user created need at least one actor affiliation? That should also work with an membership of a group, if the group is part of initiator actor?

Hi,

As user profile you need to be part of the actor mapping to execute a task or instantiate a process.

Give a look to this:

https://documentation.bonitasoft.com/bonita/7.10/actors