Hi,

I am just wondering if someone else has stumbled around this issue in vRO 8 or 8.0.1.

The vRO web client is throwing an error 403 Forbidden when a parameter is passed to an action within the input form in a normal user (=non-admin) context.

If I remove the parameter, the error is not thrown anymore and the action is also being processed. So it seems somehow to be related to the passed parameter.

But it is independet to the parameter value. So if I pass a constant value or a binded field value the error is thrown anyway.

In vRO admin context everything just works, but if i login as a user, granted to the workflow and related action in AccessibleBy the error is thrown.

I've attached my sample scenario consisting of 1 workflow and 1 action which is linked in the input form of the workflow.

Both, the workflow and the action are completely static and don't have any interface to the vCenter or another API.

The workflow just logs "hello" and the action returns a static string array, which can be extended by the passed parameter.

The action is called "getStaticNamesTest" and the vRO executes it via this URL which throws the 403 error in user context:

/vco-controlcenter/client/api/platform/actions/com.module.test/getStaticNamesTest?params=inputParam

I don't know where to permit the user/group else. I permitted it on the workflow and on the action, which should be enough...

Regards,

Lukas