Error 403: Access denied Can't relate with forbidden Team record read access required

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • scalisto
    Junior Member
    • Nov 2021
    • 19

    Error 403: Access denied Can't relate with forbidden Team record read access required

    After migrating EspoCRM from CentOS to Ubuntu 22.4 and upgrading to version 7.4.6, I've noticed that some users are having problems with permissions.

    All users who are not EspoCRM members of a specific role are unable to create new fields in the CRM (even if they are allowed in the role part) and receive the error "Error 403: Access denied Can't relate with forbidden Team record. read access required.", but they can only change them.
    I did a test and, when I changed a user with the "DSSI MZ" role to "DSSI PT", this user was able to create the field.

    Almost all the roles have the same permissions, but only one is working.
    I thought about recreating the affected roles, but the existing records for the users will be deleted (right)?

  • abidoss
    Senior Member
    • Mar 2023
    • 230

    #2
    Permissions


    The files and directories should have the following permissions:
    • data, custom, client/custom – should be writable all files, directories and subdirectories (664 for files, 775 for directories, including all subdirectories and files);
    • application/Espo/Modules, client/modules – should be writable the current directory (775 for the current directory, 644 for files, 755 for directories and subdirectories);
    • bin/command – should be executable (754);
    • all other files and directories should be readable (644 for files, 755 for directories).

    To set the permissions, execute these commands in the terminal:
    cd <PATH-TO-ESPOCRM-DIRECTORY>
    find . -type d -exec chmod 755 {} + && find . -type f -exec chmod 644 {} +;
    find data custom client/custom -type d -exec chmod 775 {} + && find data custom client/custom -type f -exec chmod 664 {} +;
    chmod 775 application/Espo/Modules client/modules;
    chmod 754 bin/command;

    Comment

    • scalisto
      Junior Member
      • Nov 2021
      • 19

      #3
      I've done that too, but if I do it with the user I installed EspoCRM with, I get the message "Operation not permitted" in all the files and directories, even when I put sudo first. For example, this one:

      chmod: changing permissions of 'client/modules': Operation not permitted

      Comment

      • abidoss
        Senior Member
        • Mar 2023
        • 230

        #4
        Try with root

        Comment

        • rabii
          Active Community Member
          • Jun 2016
          • 1250

          #5
          Originally posted by scalisto
          After migrating EspoCRM from CentOS to Ubuntu 22.4 and upgrading to version 7.4.6, I've noticed that some users are having problems with permissions.

          All users who are not EspoCRM members of a specific role are unable to create new fields in the CRM (even if they are allowed in the role part) and receive the error "Error 403: Access denied Can't relate with forbidden Team record. read access required.", but they can only change them.
          I did a test and, when I changed a user with the "DSSI MZ" role to "DSSI PT", this user was able to create the field.

          Almost all the roles have the same permissions, but only one is working.
          I thought about recreating the affected roles, but the existing records for the users will be deleted (right)?

          Check if those users inherits permissions from roles assigned to their teams.

          if the data is assigned properly to the users, it should not affect how data is assigned if you created a new roles. I suggest you create new roles assign them and then remove old roles.
          Rabii
          Web Dev

          Comment

          • yuri
            Member
            • Mar 2014
            • 8453

            #6
            In Roles, give 'read' access for the entity Team.
            If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

            Comment


            • scalisto
              scalisto commented
              Editing a comment
              I saw that the Teams entity was deactivated for almost all functions. I activated it and gave the "team" read access.
              After that, it worked!
          Working...