Support Article
Directed Web Access submission gives Access Denied Message
SA-25268
Summary
Developer has configured an External Assignment where in the external user tries to submit the assignment, and they get an “Access denied” error.
Error Messages
Steps to Reproduce
1. Configure Directed Web Access (DWA).
2. In the section, include a button which performs "finish Assignment".
2. When the external user clicks on the submit button, "Access denied" message comes up.
Root Cause
For security reasons, the external assignment using DWA must be static - not generated or altered by JavaScript or other processing at runtime. Due to this restriction, the flow action cannot use AJAX, dynamic select, SmartPrompt, which require multiple server interactions. In the scenario which you have configured, an extra button performs an action "Finish Assignment".
DWA has it's own Submit and Cancel buttons (which do not require any extra actions or server interactions).
Here is the explanation for the reported behavior.
- DWA can be configured for obtaining some inputs from external parties through email. Most likely for data entry using Text fields, Radio Buttons, Checkbox, dropdowns and so on.
- When the recipient clicks this link, a browser session opens and submits a one-time-only signature token to the Process Commander server. Process Commander evaluates the token to authenticate the external user and displays the assignment in browser window. The user completes and submits the requested information, which ends the requestor connection. The link can be used only once.
- For security reasons, the external assignment using DWA must be static and not generated or altered by JavaScript or other processing at runtime. Due to this restriction, the flow action cannot use AJAX, dynamic select, SmartPrompt, which require multiple server interactions.
- In this case, clicking on custom "Submit" button which performs "Finish Assignment", involves an extra action to be performed by the external user. Since, external user does not have any access to perform any actions except DWA configured "Submit and "Cancel", it gives you "Access Denied" message.
Resolution
That is an expected behavior in this scenario. Since when the user is trying to perform "Finish Assignment" on click of the button, it means that the external user is trying to perform server interaction which is not allowed in DWA. Hence, is the error message during execution "Access Denied".
Out-of-the-box (OOTB) "Submit" and "Cancel" buttons should be used for the external user.
Other configured buttons might cause server interactions and hence result in access denied error.
Published July 15, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.