CQ5.2.x: Error Accessing Notification Inbox

Symptoms

When a user is created (via CQ or LDAP), the user cannot access his/her Notification Inbox unless the user is a member of user-administrators (or priviledge-administrators) group. What permission is necessary to be granted to user to see his/her own Notification Inbox without giving them user administration privileges?

Furthermore, following error is thrown in the log when the user try to access the Notification Inbox:

26.10.2009 15:42:41.833 *ERROR* [127.0.0.1 [1256586161833] GET /bin/wcm/notification/inbox/messages.json HTTP/1.1] com.day.cq.wcm.notification.inbox.impl.InboxServlet Unable to query inbox for user xxxxxx javax.jcr.AccessDeniedException: xxxxxx not allowed to access UserManager

Cause

By default, a user has full permission to access his/her home-folder in the crx.default workspace. Standard users do not have access to the crx.system workspace. When access the Notification Inbox, there is an additional check in the code that throws an AccessDeniedException if the user does not have access to the crx.system workspace.

Thus, only users that are member of (1) administrators, (2) priviledge-administrators or (2) user-administrators group won't be able to change his/her Notification Inbox.

Resolution

The current workaround is to create a new group and grant workspace access to crx.system. The user should be added to this group.

  1. Accessing the crx.system workspace with the admin account
  2. Open the Content Explorer
  3. Navigate to "/rep:workspaces/crx.system"
  4. Use the "Security" button to allow the new group access to this repository

Applies to

CQ 5.2.1

 Adobe

Get help faster and easier

New user?

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online