Symptoms

When a user is created (via CQ or LDAP), the user cannot access his/her Notification Inbox unless the user is a member of user-administrators (or priviledge-administrators) group. What permission is necessary to be granted to user to see his/her own Notification Inbox without giving them user administration privileges?

Furthermore, following error is thrown in the log when the user try to access the Notification Inbox:

26.10.2009 15:42:41.833 *ERROR* [127.0.0.1 [1256586161833] GET /bin/wcm/notification/inbox/messages.json HTTP/1.1] com.day.cq.wcm.notification.inbox.impl.InboxServlet Unable to query inbox for user xxxxxx javax.jcr.AccessDeniedException: xxxxxx not allowed to access UserManager

Cause

By default, a user has full permission to access his/her home-folder in the crx.default workspace. Standard users do not have access to the crx.system workspace. When access the Notification Inbox, there is an additional check in the code that throws an AccessDeniedException if the user does not have access to the crx.system workspace.

Thus, only users that are member of (1) administrators, (2) priviledge-administrators or (2) user-administrators group won't be able to change his/her Notification Inbox.

Resolution

The current workaround is to create a new group and grant workspace access to crx.system. The user should be added to this group.

  1. Accessing the crx.system workspace with the admin account
  2. Open the Content Explorer
  3. Navigate to "/rep:workspaces/crx.system"
  4. Use the "Security" button to allow the new group access to this repository

Applies to

CQ 5.2.1

Dit werk is gelicentieerd onder de Creative Commons Naamsvermelding/Niet-commercieel/Gelijk delen 3.0 Unported-licentie  De voorwaarden van Creative Commons zijn niet van toepassing op Twitter™- en Facebook-berichten.

Juridische kennisgevingen   |   Online privacybeleid