One of the most frustrating things to see is an Access Denied error, because, usually, you were supposed to have the clearance to perform the action you are being blocked for.

This week, I received a request saying that an Application Access Denied error was popping up when trying to Attach an item in Sitecore. And here is how the error looks like.

Server Error in ‘/’ Application.
Application access denied.
Description: An unhandled exception occurred during the execution of th current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Sitecore.Exceptions.AccessDeniedException: Application access denied.

It is possible to check for the error in Application Insights, and occurs during the operation GET /sitecore/shell/Applications/Dialogs/Attach/Attach2.aspx

Initial verification

Check User Membership

Let’s check which permissions the user has by going to User Manager

Then find the user, click twice to open its information, and choose Member Of tab

Check Role Permissions

Since we now know which Role the user is assigned to, let’s go back to Sitecore Experience Platform and go to Desktop

At your bottom right, click in master and then in Core. This is going to change the database context.

Navigate to Sitecore icon, Security Tools, and click in Access Viewer

In Access Viewer’s window, click in Account, search for the correspondent Role the user is assigned, in my case sitecore\Author, select it and press OK

Now, expand Applications > Dialogs and look for Upload. Please note the Read permission is being denied and that’s the reason the user is getting the Access Denied error.

By clicking at the Read permission, you will notice, at your right, that Sitecore shows the properties of access rights for the item

The permission is being inherited from Everyone, and since this is a fresh Sitecore 9.1.0 installation, this is a default security setting.

Solving the issue

There are two different ways to address this issue: you can either remove change the inheritance by removing or allow the inheritance permission you want OR add the Read permission to the Upload Item

Removing the inheritance / Allow inheritance permission

In the Access Viewer, select the Upload item, click Assign

Select Everyone

And now, you can either Remove the Inheritance from Everyone by pressing the Remove button OR you can choose to change the Inheritance from Deny the item to Allow the item

And finally, press OK

Add Read permission

In the Access Viewer, select the Upload item, click Security Editor

Find the Upload item, and select it, then click in Allow option in the Read permission and press the X to close

Check with the user

Voilá! It is working now

I hope you liked it, and I’ll see you on my next post!

Photo by Kelli McClintock on Unsplash