You are not authorized to access this component. (40,20)

I once had a very dreadful day at office breaking my head trying to solve what looked like a very simple security issue. ‘You are not authorized to access this Component (40,20)’. If you are having one such distressing day today, then don’t worry, you have landed at the right place and we are going to fix this right away.

This is one of the most prevalent security issue in Peoplesoft faced by every Peoplesoft developer atleast once in their lifetime. We have prepared a simple checklist indicating all the possible scenarios where this issue could happen with quick solutions for the same.

    Security Access:

   First and foremost, check whether you have access to the component/page you are trying to access. Use the following query to verify if you have access.

SELECT R.rolename ,

  RC.classid

FROM psroleuser R ,

  psroleclass RC

WHERE RC.Rolename = R.Rolename

AND R.roleuser    = '<OPRID>'

AND RC.classid   IN

  (SELECT CLASSID

  FROM psauthitem AUTH

  WHERE AUTH.baritemname='<COMPONENT_NAME>'

      AND AUTH.pnlitemname  ='<PAGE_NAME>'

  )

Non-existing permission list assigned to the role:

There will be instances where a permission list exists in a role but not in the database. This usually happens when project is migrated from one database to another but does not include the permission list. Use the below query to identify if you have any such permission list missing.

Select R.rolename

, RC.classid

From psroleuser R

, psroleclass RC

Where RC.Rolename = R.Rolename

And not exists

(Select 'X' from psclassdefn C

Where C.classid = RC.classid)

-- And R.roleuser = '<OPRID>'

Still not able to access? Why not try running the Portal Security Sync process from the following Navigation.

  PeopleTools - Portal - Portal Security Sync

Issue with Transfer function:

There are scenarios where the system should change the flow of transaction from one component to another using Transfer function. In such cases, verify if the below points are taken care.

   i) Have you specified the correct action mode while using Transfer function?

    Transfer( False, MenuName.DEFINE_PAYROLL_PROCESS, BarName.SETUP,             ItemName.ACCOUNT_CODE_TABLE, Page.ACCT_CD_TABLE, "L", &Parmrec); 

As you see in the above example, the component is registered in ‘Update/Display’ and ‘Correction mode’, whereas Transfer function is trying to access this component in ‘Update/Display All’ mode, which is not correct. Accessing this component in ‘Add’ or ‘Update/Display All’ mode using Transfer function will result in this Security issue.

ii) Have you specified the correct ItemName in Transfer Function? People often tend to misinterpret ItemName with Component name, which is incorrect.

Transfer( False, MenuName.DEFINE_PAYROLL_PROCESS, BarName.SETUP, ItemName.ACCT_CD_TABLE_NEW, Page.ACCT_CD_TABLE, "U", &Parmrec);

As you see in the above example, Item Name is ‘ACCOUNT_CODE_TABLE’ and component name is ‘ACCT_CD_TABLE_NEW’.

The correct way of writing this Transfer function function is:

Transfer( False, MenuName.DEFINE_PAYROLL_PROCESS, BarName.SETUP, ItemName.ACCOUNT_CODE_TABLE, Page.ACCT_CD_TABLE, "U", &Parmrec);

    Mostly by now, you should have been able to fix this issue. If you are still reading this point, then I would suggest you to clear the application server cache and reboot the server and try again.