Summary
This article provides a solution for errors thrown when user not part of "Site Administrators" modifies or requests data for users.
Error
In Application Lifecycle Management (ALM) an error is thrown when a user out of Site Administrators / TD_Admin user group/ tries to add user to a project from Customization - "Add User from Site":
“External component has thrown an exception”
When user with the same permissions executes workflow script which tries to obtain details of all users an error "Specific cast is not valid" will be thrown. ALM logs is containing the below error:
"Access denied. Only project administrator can call GetUserPropertiesInSite request."
Cause
As of ALM 12.XX a new Site Parameter is introduced to control the access to users' details - "USER_PROPERTIES_ACCESS_LEVEL".
This change is intended to improve the security by controling whether non admin user can obtain details of users in the system directly or through scripts/API.
Fix
By default the parameter is hidden and is with value "ADMINS_MINIMAL".
Possible values for "USER_PROPERTIES_ACCESS_LEVEL" parameter:
"ALL" - All the fields in users table will be available if requested.
"MINIMAL" - All the fields in users table except user password will be available if requested.
"ADMINS_ALL" - All the fields in users table will be available if requested but only when the login user is Site Admin/Project Admin, otherwise error message will be responded.
"ADMINS_MINIMAL" - All the fields in users table except user password will be available if requested but only when the login user is Site Admin/Project Admin, otherwise error message will be responded.