What context policy do you have set up for non-sudo users for the mgr?
From memory they’d need at minimum create and new_document, for the other resource types they now also need new_symlink, new_weblink, new_static_resource in the mgr context policy.
This might be a result of the Policy Template you used for the Context Access Policy you created for your non-sudo users. For example, if you used the ContextTemplate, ResourceTemplate, or ElementTemplate instead of the AdministratorTemplate, the users couldn’t have the permissions markh listed.
Thanks for your answers and hints, markh and bobray!
create, new_document, new_symlink, new_weblink and new_static_resource are in the editor Context Access Policy of mgr context.
My usual approach of starting with full admin rights and reduce them step by step didn’t work here.
Even if I assign administrator Context Access Policy for mgr context, I still get the error message above.
Unfortunately I wasn’t able to see any log entries. How would you debug this?
Can you show a screenshot of your user group > permissions > context access for both the affected and admin user groups, and also show the user group/role assignment for an affected user?
After backing up I yesterday tried to deactivate a few extras to check if they are the cause for this issue.
However, two of the extras could not be deactivated. Redactor and Content Blocks. Today it seems, that both extras are not active (but still not correct deactivated in installer) and now I’m getting a blank page when I try to edit existing resources with non-sudo users.
Try deactivating their respective plugins in the Elements tab. Likely the uninstall failed for some reason (license?), removing the files but not the plugins leaving you with a partial install.
In your permissions, try replacing the Administrator policy on the web context with the standard Context policy?
Removing cleanly and reinstalling Redactor and ContentBlocks works now. You were right, it should have been a licence issue.
Replacing the Administrator policy on the web context with the standard Context policy is useful, but unfortunately has not brought anything.
Now I could break it down to Redactor. If I uninstall it, non-sudo users can see the new-resource-form. If I install it, I still get: An error occurred…Access denied.
Hmm… interesting… after uninstalling Redactor and ContentBlocks, both respectively leave behind a Context Access-entry with blank Access Policy. Is that how it should be?
If I leave this old entry with blank Context Access-entry from Redactor and reinstall it, non-sudo users can create resources. Does this perhaps help to isolate the cause?
The Redactor and ContentBlocks policies/permissions only affect their respective component pages - I struggle to see how those would have any impact at all on creating a new resource. However if you believe Redactor is the differentiator here between when it works and when it doesn’t, please email [email protected] with an admin and an affected login and I’ll take a look.
Thanks a lot, Mark.
So far I think it still has to do with Redactor at least and emailed you the needed credentials last wednesday. I am curious to find out exactly what the problem is. At least (with the empty access policies from removing redactor) I have a temporary workaround, therefore… no hurry.
