No ratings

4408 [USERNAME] from 127.0.0.1:7 does not have rights to Start Process [PROJECTNAME][PROCESSNAME]




Symptoms


Client uses the SharePoint Members group and assign Workflow Start rights to a process.
Inside the SharePoint Members Group they assigned the "All Users (Membership)"

Each user attempting to start the process receives the following error:
4408 [USERNAME] from 127.0.0.1:7 does not have rights to Start Process [PROJECTNAME][PROCESSNAME]

Diagnoses


Upon investigation, the "All Users (Membership)" entry in the group is defined as "c:0!.s|forms:membership" and does not explicitly reference AAD/SP accounts.
Because of this, there is no reference for Appit when it leverages the group to assign permissions to the specific AAD/SP users, so no permissions are being assigned


Resolution

The client indicated that they worked around this permissions issue by searching for a group called "all" in the workflow context and added it to the workflow permissions.
I have created a bug for investigation.





Version history
Last update:
‎07-19-2016 05:52 AM
Updated by:
Contributors