Incident Metric Report: "Security constraints prevent access to requested page" for Metric Admin, ITIL, and ITIL Admin role users

jhill1 · ‎07-07-2016

When running an Incident Metric Report that shows re-resolved incidents (Resolved_By has been updated) in a bar graph, grouped by user, users are getting:

"Security constraints prevent access to requested page"

but only when they try to double-click the bar graph on the report, to drill-down to the list of incidents. They can run the report, but trying to see the details of the results get this warning.

I've opened up all the ACLs for read access for the roles, and I am not showing any Red "X"es in the Security Debugger.

Is there any way to see what exactly is restricted?

Admin, of course, works.

Thanks to all!

J

jhill1 · ‎07-08-2016

I figured it out... after a lot of "fun" ACL shenanigans:

I created twelve seperate create, read, write, and report_on ACLs for:

incident_metric_list (ui_page)
incident_metric.* (record)
incident_metric (record)

while with each one, putting the roles that I want to have access in "the Requires role" list inside each ACL.

Works like a charm.

Thanks to everyone's input and for encouraging me to stick with the ACLs as the issue, even though I was getting all Green Xes in the security debug.

J

View solution in original post

Travers M · ‎07-07-2016

ACL Troubleshooting - A visual beginners' guide

That's really all I have at this point and it has helped us pinpoint stuff in the past. If you've already followed all of those steps, I apologize

Also, a shout out to rfedoruk for a beautifully crafted piece of content

jhill1 · ‎07-07-2016

Hello Travers,

I had already followed those steps and gotten rid of all the Red Xes, but, thank you for that link. It gave me the idea to use two browser.. prior I kept going back and forth between Admin and User... that tip alone is GOLD and makes troubleshooting so much less frustrating!

J

jhill1 · ‎07-07-2016

All Green... but still error...

Michael Ritchie · ‎07-07-2016

Out of the box metric_instance records can be viewed with either the metric_admin or itil_admin role. Both of these roles do give additional capabilities so it may not make sense to give your users these roles. You can modify the metric_instance read ACL and add ITIL or whatever roles to this ACL to allow read access to the records.