Hello!
So we have starting using SSO connected to AD for our Citizen hub users.
We have created a new system on another application environment that is full connected to the citizen hub environment.
When the use logs in, they are set up with the user role “Agent” agent has full read and write permissions.
when the user attempts to create a new request, it creates a record, but then errors when the first rule is triggered with the error “You cannot modify “CASE” records”
If I change the user role to Build administrator, it works fine. And anyone point me in the direction of the solution to allow the user role “Agent” to modify records and trigger rules.
Hi,
There are a couple of places you should check the permissions:
Firstly the CASE Object’s Permissions tab, check that the role in question (“Agent”) shows as having Read & Write access.
This also need to apply to any other object’s involved in the rule to create the Case. So if it is being created down a relation path for example, the role needs Write access to all objects along that path, not just the final object.
Then check for any Restrictions (under Security) where certain event actions (such as record creation) can be limited by role or privilege.
Just to clarify why it’s important to check the Object permissions. The Role itself may be set to have Read & Write access for all objects (which you’ll see in the Role’s Default Permissions tab), but that is only the default setting (used when creating a new Object for example).
This can then be overriden or revoked on a per-Object basis, which you won’t tell from that tab, but will see in each Object’s Permissions tab.
You can also check the Specific Permissions tab within the Role, which will show any Object permissions which are different to their defaults, i.e. where it has been overridden for specific Objects.
I’ve just added an idea to make this clearer from the Default Permissions tab, as it is easy to forget to also check the Specific Permissions tab… https://ideas.netcall.com/i/ideas/p/feature/vote/idea/view?context_record_id=1569769
Morning Bob,
Thanks for your reply,
I have just opened all data Object and had a look at permissions. they are all set to Default Role. This was the firs thing I check.
one thing to add is we are using group subsets to allow access to pages. Not sure if that would effect anything, but like I mentioned works perfect as build administrator user role with the user being in the relevant groups.
No, page permissions would not generate that specific error message, that is only shown when you don’t have Write permissions for an Object.
I’m not sre what else to reommend checking, it will be hard to diagnose without seeing your exact setup. If you can’t get any further you can raise a support ticket here: https://community.netcall.com/support/
On a related note you might want to vote or add comments to this Idea, which is specifically aimed at helping debug this exact situation:
https://ideas.netcall.com/i/ideas/p/feature/vote/idea/view?context_record_id=2219
Thanks again bob, ill raise a ticket.