Role assignment Not Working because access denied

Created on 24 March 2025, 12 days ago

Problem/Motivation

Build a model to test role assignment with the event "Update content entity" (user | - any-9

Used the action "Add a role to the selected users" to add a defined role "applicant" to the user, for testing purposes without any condition.

The ECA-log on debug mode says:
> Access denied to grant role applicant (Activity_01bph1v) from ECA Add Role after User update (process_ydbmptt) for event eca.content_entity.update

I don't get why access for the action is denied even though in /admin/config/workflow/eca/settings I set User-ID "1" for the option "Execute models with user". Did I miss anything or is it a bug?

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

💬 Support request
Status

Active

Version

2.1

Component

Miscellaneous

Created by

🇩🇪Germany alina_herbst

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @alina_herbst
  • 🇩🇪Germany killah89 Schneverdingen

    Try to use "Switch user account" and choose the user with privileged permissions to set a role, instead of "execute models with user".

  • 🇩🇪Germany jurgenhaas Gottmadingen

    Agreed, @killah89 is right. That setting to globally execute ECA as a specific user is not longer considered a good idea. It comes with too many negative side effects. Switching user explicitly when needed is much better.

    And on a separate note: when you start with the "Update entity" event and then update that entity again, you run into a recursion. That's what you also want to avoid. You should instead start with the "Presave entity" event.

  • 🇩🇪Germany alina_herbst

    Aha ok, thanks for the hints. Unfortunately, I still can't get it to work, and I don't understand why. Here's my model with an attempt to assign the content_editor role. Can anyone please have a look?

    I expected that after updating a user, they would receive the role unconditionally.

  • 🇩🇪Germany jurgenhaas Gottmadingen

    There are a few issues with that model:

    • When you use the pre-save content entity event, you need to avoid that this entity will be saved in the subsequent actions, because you can't save an entity while it is already in the process of being saved.
    • That means you can't use the "Add user role" action because that would save the entity.
    • And you can use the "Save entity" action. The entity will be saved anyway, that's what the whole context of that pre-save event actually is.
    • When you switch the user, the user token will be that new user and no longer the one that you want to add a role to.
    • Therefore you need to save the user entity to a token first, then switch to the other user, and then add the role to the user in your own token.

    The good news is, there is a complete sample model which does exactly that, see Add role to inserted or updated user.

  • 🇮🇳India prabha1997

    @jurgenhaas with out storing token value it will work
    here i have implemented same model please check this

  • 🇩🇪Germany alina_herbst

    @jurgenhaas thanks for looking and the informations. I see I have to learn to use properly the right event. I will have a look at the linked sample model.

    @prabha1997 your model presented in #7 works for me. I was surprised to see that your action "Entity: set field value" also works.

Production build 0.71.5 2024