This is a bit baffling.
The test account in the Documentation Services group that's in the Change Administrator role (in the Team and in the Workflow) is sent a task.
They can see the task as normal in My Tasks, but when they open the task, the Details page displays
You do not have access to this object or it does not exist.
Thing is, if I reassign that task to another test account (wctest1) not in the Documentation Services group (who is in the Change Administrator role) they CAN see it. The Doc Service account cannot reassign the task, so I need to do that as Admin.
I cant think of any access to the Role that I have not already granted.
If I add the wctest1 to the Documentation Services group then nothing changes for that user so I don't think its an access control on that Change Administrator Role.
The only other clue is that the same test account (Documentation Services group in Change Administrator role) gets a (Secured information) when looking at the Assignee on the task.
The user in the Change Administrator role cannot see the Change Process in the Routing/Process History?
Perhaps there is an access control for workflows?
From the change object (try each - change request, change notice, change task), select Manage Security, then search for the specific user (green "+" icon) and look at their permissions. They may not have access at the current state.
Their workflow task remains and they can see it regardless of the access to the parent object (PBO) of the workflow process.
A useful and quick troubleshooting technique is to temporarily add them to the Manager Role of the context team where the data / change object is and see if that fixes it. If so, it's definitely a permissions issue.(ACLs).
Change Administrator has Full Control (at all States) for CR, CN and CA... as I have been trying everything I can think of.
Maybe that user doesn't have access to the "cabinet" where the objects are.
Is that user actually in the Change Administrator Role for this context?
Use the Green Plus, search for the user and show specifically for that user.
Is there a profile that got applied to the user that hides the object(s)?
Yes, the tester (my normal account) is in the Doc Control group that is in that Role in that Context. Like I said, the role that was not in the Doc Control who can see the task etc is added to the group nothing changes?
I have all the access control on the Role.
Can you explain Cabinet?
The Change Objects (CR and CN) are placed in a Folder in the BTE Product container.... could it be that Change Admin don't have access to see within the folder? But they can see the CN and CR, just not the task details page and team members....
Here is the Folder that the CR, CN's are in:
Not sure why Starkey name of Org dons't have access?
Little bit maddening but it feels so good once these puzzles get solved
I would still recommend:
A) Temporarily add the user to the Manager Role and test.
B) Use Manage Security and add the user specifically. Appears above that "Starkey" is the user in question and then have no checkboxes, so have to see if they really are in the group, etc. - trace one by one. As you say, it's also very odd that the Org Admin does not have access..
One other thought - see if this Product is configured as "Private" (from Product Details). If so, any ACL's at Org level will not be inherited.
I could get on a webex w/you to troubleshoot if you like - I do consulting like this on the side.
Thanks. I did try your suggestions. No luck.
I will keep plugging away at it on this dev site. We had our contact Datafrond do a PIAB install and perhaps that screwed up something.
I don't need this site and it will be refreshed soon so I don't NEED to solve this unless it appears again on the next install on our QA development site.. then I will be back.
Thanks for all your help Mike.
I noticed that all the test users who can not see the task are at Site level, those that can are Org level users.