Announcement

Collapse
No announcement yet.

Error 403: Access denied for Admin User

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Error 403: Access denied for Admin User

    My Admin User cannot perform any actions. I keep getting Error 403 all the time. All folder permissions are correct and in the Roles section, admin roles are all available but I cannot perform most actions except creating users. Can't change their permissions, can't change edit Meeting fields.

    My logs do not provide any information regarding why I do not have any permissions working.

    Any help?
    Click image for larger version Name: image.png Views: 602 Size: 45.5 KB ID: 82008
    Tags: None
  • #2
    Hi mukws,

    Tell me please what EspoCRM version do you use?
    Provide a screenshot of the user configuration (Administration -> Users) to investigate this issue in more detail.

    Also, try to clear cache and rebuild your instance.

    Comment

    • #3
      I am currently using Espo 7.1.10, recently upgraded from 7.1.6

      The default admin user has full access to all aspects of the application I believe. This is the default user I created while creating my instance of the application.
      This very user was able to do all this just a few weeks back. I am trying to look for the change I could have made to cause this behavior but I cannot find anything concrete.

      All Roles permissions are avaliable to the admin user but I am not able to change any config parts of the app. I am however able to create new records and new users as well but cannot seem to edit users, or edit Entities in the Entity Manager

      I have tried clearing cache and rebuilding as well but it is unfortunately not making a change.

      Click image for larger version Name: image.png Views: 550 Size: 143.4 KB ID: 82036
      Click image for larger version Name: image.png Views: 500 Size: 45.4 KB ID: 82037

      Comment

      • #4
        Hi mukws,

        In the data folder there is a config-internal.php file, please copy the defaultPermissions values ​​from this file ​​and paste it in your answer.

        Comment

        • #5
          This is what I have in that section currently

          'defaultPermissions' => [
          'user' => 1000,
          'group' => 1000
          ],

          Comment

          • DashingUno
            #5.1
            DashingUno commented
            08-15-2022, 11:41 AM
            Editing a comment
            Please correct me if I'm wrong, but UID and GID 1000, is the first non-root user created on the system, but for EspoCRM - according to https://docs.espocrm.com/administrat...configuration/
            webserver process ownership is preferred. Which would explain your current permissions issue.
            Please try to change 1000 - to your webserver process, if your distribution is ubuntu/debian based, that would most likely be www-data with UID and GID of 33, if you are on an alpine based container then try 82.

            This solution worked for us when we migrated from Sprinthost to being selfhosted, we had all sorts of permission issues until I realized that our config-internal UID and GID were different from system webserver process, after we set it to 33, everything worked out
        • #6
          I have been trying out all sorts of avenues with what you provided but the same error persists. I used
          Code:
          id -u webuser
          to try and get the UID and GID of my webserver user and I added them to the config-internal.php file.

          Even other admin users are also now facing an issue of 403 access denied yet they are super admin users

          Comment

          Previous template Next
          Working...
          X