Scripting disabled even though I am admin

eduque · ‎02-20-2017

Hi everyone,

Ever since we updated to Istanbul all scripting across our implementation has been disabled. I receive this error:

"Using script is only allowed by admin. Please contact System Administrator"

(I am already an admin).

whenever I try to input a javascript string into any field. Additionally all script fields within the interface and within things like workflow editor are grayed out. Scripts we wrote previously still work but we can no longer add any new script or edit any previous scripts. Does anyone know what might be going on?

Thank you!

Patrick Schult2 · ‎02-20-2017

I'd suggest double-checking the account you are logged in with actually has the 'admin' role. If it does, enable Security Debugging to get a detailed explanation of why you cannot write to the script field in question. Once you find the offending ACL, ensure you haven't customized it in some way, and if you have, roll it back to out-of-box, or re-work the customization.

If you are working inside of a scoped application, ensure that you have permissions to use scripting in that scope. That's Delegated administration.

More info on security debugging: Access control rules debug

View solution in original post

Patrick Schult2 · ‎02-20-2017

I'd suggest double-checking the account you are logged in with actually has the 'admin' role. If it does, enable Security Debugging to get a detailed explanation of why you cannot write to the script field in question. Once you find the offending ACL, ensure you haven't customized it in some way, and if you have, roll it back to out-of-box, or re-work the customization.

If you are working inside of a scoped application, ensure that you have permissions to use scripting in that scope. That's Delegated administration.

More info on security debugging: Access control rules debug

eduque · ‎02-20-2017

looking at the security debugging, this is the two errors I'm seeing:

would you be able to help me understand/interpret this?

I am unsure of what RC is supposed to be.

Patrick Schult2 · ‎02-20-2017

I believe RC indicates "Rule Cached" - indicating it was previously evaluated. That's a guess, but I don't think it has a lot of bearing in this situation. The debug output in your screenshot clearly indicates you are failing the sys_script_include.script/write rule, which you need to pass in order to input data into a Script Include's Script field.

Like the screenshot shows, you can click on that link and jump to the ACL in question. That will tell you exactly what the criteria is for that. I checked an OOB instance, and it appears that you only need script_include_admin (or full admin) in order to write to this field - compare that to your instance.

If you believe you have script_include_admin, or the admin role, then open up a background script and verify the system thinks you have that role by running this command - you will expect an output of "true" if you do actually have the role.

gs.info("Has admin? {0}", gs.hasRole('admin'));

gs.info("Has script_include_admin? {0}", gs.hasRole('script_include_admin'));

Prakriti Kumari · ‎08-07-2024

Hi,

I have checked the debugging as well. I have all the necessary ACL permissions, I am the admin of the instance, and I also have the script_include_admin role. However, I am still encountering the error mentioned above.