Error 403: Access denied for Admin User

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • mukws
    Junior Member
    • Jun 2022
    • 5

    Error 403: Access denied for Admin User

    My Admin User cannot perform any actions. I keep getting Error 403 all the time. All folder permissions are correct and in the Roles section, admin roles are all available but I cannot perform most actions except creating users. Can't change their permissions, can't change edit Meeting fields.

    My logs do not provide any information regarding why I do not have any permissions working.

    Any help?
    Click image for larger version

Name:	image.png
Views:	628
Size:	45.5 KB
ID:	82008
  • Vadym
    Super Moderator
    • Jun 2021
    • 345

    #2
    Hi mukws,

    Tell me please what EspoCRM version do you use?
    Provide a screenshot of the user configuration (Administration -> Users) to investigate this issue in more detail.

    Also, try to clear cache and rebuild your instance.

    Comment

    • mukws
      Junior Member
      • Jun 2022
      • 5

      #3
      I am currently using Espo 7.1.10, recently upgraded from 7.1.6

      The default admin user has full access to all aspects of the application I believe. This is the default user I created while creating my instance of the application.
      This very user was able to do all this just a few weeks back. I am trying to look for the change I could have made to cause this behavior but I cannot find anything concrete.

      All Roles permissions are avaliable to the admin user but I am not able to change any config parts of the app. I am however able to create new records and new users as well but cannot seem to edit users, or edit Entities in the Entity Manager

      I have tried clearing cache and rebuilding as well but it is unfortunately not making a change.

      Click image for larger version

Name:	image.png
Views:	579
Size:	143.4 KB
ID:	82036
      Click image for larger version

Name:	image.png
Views:	528
Size:	45.4 KB
ID:	82037

      Comment

      • lazovic
        Super Moderator
        • Jan 2022
        • 809

        #4
        Hi mukws,

        In the data folder there is a config-internal.php file, please copy the defaultPermissions values ​​from this file ​​and paste it in your answer.

        Comment

        • mukws
          Junior Member
          • Jun 2022
          • 5

          #5
          This is what I have in that section currently

          'defaultPermissions' => [
          'user' => 1000,
          'group' => 1000
          ],

          Comment


          • DashingUno
            DashingUno commented
            Editing a comment
            Please correct me if I'm wrong, but UID and GID 1000, is the first non-root user created on the system, but for EspoCRM - according to https://docs.espocrm.com/administrat...configuration/
            webserver process ownership is preferred. Which would explain your current permissions issue.
            Please try to change 1000 - to your webserver process, if your distribution is ubuntu/debian based, that would most likely be www-data with UID and GID of 33, if you are on an alpine based container then try 82.

            This solution worked for us when we migrated from Sprinthost to being selfhosted, we had all sorts of permission issues until I realized that our config-internal UID and GID were different from system webserver process, after we set it to 33, everything worked out
        • mukws
          Junior Member
          • Jun 2022
          • 5

          #6
          I have been trying out all sorts of avenues with what you provided but the same error persists. I used
          Code:
          id -u webuser
          to try and get the UID and GID of my webserver user and I added them to the config-internal.php file.

          Even other admin users are also now facing an issue of 403 access denied yet they are super admin users

          Comment

          Working...