Access denied to entity atributte

i have not permission for screen i checked all permissions from admin panel

Cuba returns me error in bellow when i’m opening the screen.

20:56:15.129 ERROR c.h.cuba.core.sys.ServiceInterceptor    - Exception in DataService.loadValues(..): com.haulmont.cuba.core.global.AccessDeniedException: ENTITY_ATTR ref_Position.pos.name
20:56:15.168 ERROR com.haulmont.cuba.web.log.AppLog        - Exception in com.haulmont.cuba.web.widgets.CubaMenuBar: com.haulmont.cuba.core.global.AccessDeniedException: ENTITY_ATTR ref_Position.pos.name

Cuba version 7.2.11

<keyValueCollection id="averageAgeDc">
            <loader id="averageAgeDl">
                <query>

                    <![CDATA[
                      select
                       pos.name as positionName,
                       sum( extract(year from CURRENT_DATE) - extract(year from c.birthDate) ) / count(c.birthDate) as averageAge,
                       count(c.birthDate)
                            from jobster_Person c join c.position pos
                        where c.completed = true and c.birthDate is not null and FUNCTION('check_date_format',c.birthDate)=true group by pos.name
                    ]]>

                    <condition>
                        <and>
                            <c:jpql>
                                <c:where>c.branch=:branch</c:where>
                            </c:jpql>
                            <c:jpql>
                                <c:where>c.position=:position</c:where>
                            </c:jpql>
                            <c:jpql>
                                <c:where>c.fillDate >= :fromDate</c:where>
                            </c:jpql>
                            <c:jpql>
                                <c:where><![CDATA[c.fillDate <= :toDate]]></c:where>
                            </c:jpql>
                            <c:jpql>
                                <c:where>c.personType=:personType</c:where>
                            </c:jpql>
                        </and>
                    </condition>
                </query>
            </loader>
            <properties>
                <property datatype="string" name="positionName"/>
                <property datatype="decimal" name="averageAge"/>
                <property datatype="decimal" name="count"/>
            </properties>
        </keyValueCollection>

All perissions given to the entity and screen.
When i’m loged in with admin role , it works. But i’m logged in with another tenant user cuba gives me this error.
Can you advice me please.

!

Hi.

Could you please show how you configure tenant user role? Probably the problem occurs due incorrect adding permissions to user.
More information about managing tenants.

Regards,
Nadezhda.

The entity in query is extends from the abstract class. If I use the parentClass fields, it does not allow access. It works if I use the entity’s own fields.
As you mentioned above about role, that user has Defaul-tenant-role.

It works if I use query through Service. It doesn’t work if I do it in XML

Unfortunately, we cannot reproduce the problem. We will be able to help you if you send us a small sample project along with a reproduction scenario that demonstrates the issue.

Regards,
Nadezhda.

I made exmaple project for this issue

testapp.zip (1.7 MB) testapp-db-backup.zip (20.4 KB)

App
login - user
password user

postgresql db
role - testapp
login - test
password - test

when you open reports->student report page logged as “user” appears error, when logged as admin it works.

Hi.

Thank you for example, the issue was reproduced.
We have created a Github issue.

By the way, issue can be resolved by creating a role with role designer in Studio. In this case you should add permission to parent entity:

image698×248 9.21 KB

After that run application and as admin add this role to your user.

Regards,
Nadezhda.

thank you so much we will continue to use this solution until the problem is fixed