Error processing your request: The operation was rejected because of access control policies. (Network Steve Forum)

Error processing your request: The operation was rejected because of access control policies.

Am unable to add any staffs to the security group. It pop's for the below mentioned error,

Error processing your request: The operation was rejected because of access control policies.

Reason: The server workflow rejected the operation.

Correlation Id: 6ebb20f7-9807-4db8-a412-8a80cc1fa829

Request Id: 6d05799f-3c92-410c-88c1-accb8f0d64a5

Details: The Workflow Instance 'fbcef8fb-4524-4deb-9af3-c03ca7a7b93e' encountered an internal error during processing. Contact your system administrator for more information.

May 6th, 2015 10:48pm

You need to make sure that the user running this process has rights to both the group and user. If you look at the requests, there should be a failed one and that will also have a reference to the MPR that is failing, or simply would say "No MPR grants access"

Free Windows Admin Tool Kit Click here and download it now

May 7th, 2015 9:35am

The request status is Denied but it is not in failed status and am unable to track which MPR is failing. Do you have any solution for this.

May 11th, 2015 4:22am

Well. denied (is same as failure).

This means there is no MPR to grant such access.

So you need to check and make sure (if not there create)

1. Edit (Existing one) or Create a new MPR that grants read access to Staff (select all attributes)

2. Edit (Existing one) or Create a new MPR that grants modify access to Security Group Object (select all attributes)

If you are unsure how this works, please let me know.

Free Windows Admin Tool Kit Click here and download it now

May 11th, 2015 9:09am

Thanks for the reply.

I have checked all the MPR that triggers while adding a staff to the group. They have relevant access to add to the group. Could you please help me as am new to FIM and assist me in creating a new MPR so that this error disappears.

Thanks.

May 12th, 2015 6:51am

If you are so new to FIM you don't know how to create a new MPR you should really read the relevant FIM documentation before asking this group for help.

https://technet.microsoft.com/en-us/library/ee534905(v=ws.10).aspx

Regards,

Dave

Free Windows Admin Tool Kit Click here and download it now

May 12th, 2015 7:07am

As David said, this is not the place to learn the basics.

David used to teach FIM courses (Some very good ones), not sure if he still does, but he can point you to the right direction.

It is also not a good idea to base your decision making on forum opinions, such as mine, but if you need to know how more about MPRs, please read here. https://technet.microsoft.com/en-us/library/ee534902(v=ws.10).aspx MPR stands for Management Policy Rule.

Most the MPRs you need are there already, you just need to Enable them, as described in this article.

May 12th, 2015 8:57am

This topic is archived. No further replies will be accepted.