When Riva Cloud or Riva On-Premise attempts to sync with Sugar, four possible scenarios may cause Sugar to issue Access Denied errors.
In the most common scenario, permissions are not set up properly in Sugar to support Riva's "Enterprise" impersonation model. In that model, Riva connects to Sugar with the credentials of an admin user but writes changes to Sugar with the permissions of the Sugar user that Riva is currently syncing, and the user's permissions are insufficient. For example, Riva connects to Sugar using the "admin" user and is syncing to a user "Bob" who has insufficient permissions, and Riva attempts to use Bob's permissions in Sugar when trying to write data to or from Sugar.
[Meetings:40] Access Denied : You do not have access
[Contacts:40] Access Denied : You do not have access
[Leads:40] Access Denied : You do not have access
[Email:40] Access Denied : You do not have access
[Cases:40] Access Denied : You do not have access
[Opportunities:40] Access Denied : You do not have access
[Projects:40] Access Denied : You do not have access
[Quotes:40] Access Denied : You do not have access
[Tasks:40] Access Denied : You do not have access
This article applies to the following CRM systems:
"Access Denied : You do not have access" errors can be caused by any of these:
A patch included in Sugar 6.3.2 or higher, 6.4.0, and 6.4.1 generates "Access Denied" errors. For more information, see Sugar 6.3.2+ and 6.4.0/6.4.1: Resolve "Access Denied" errors.
If the user's permissions grant access to create, modify, and delete, but the user still receives Access Denied errors, the module in question may be hidden from the user, which disables the module.
If the user logs in to the CRM but cannot access the module, no data can be synchronized for that module.
As the CRM system admin, check whether the module is available on the CRM menus.
To check for module visibility:
Permissions can be granted globally to specific security roles and to specific individuals. Access control restrictions are a cumulative combination of settings from multiple Roles that the user is a member of. The most restrictive settings apply.
When configuring permissions in security roles, these are the important concepts to understand:
Because Riva does not have a desktop plug-in and relies exclusively on built-in features, the email client does not know anything about the CRM security model, leaving the possibility that users can modify (in the email client) items to which they have read-only access in the CRM. In these situations, when Riva attempts to sync the change, an "Access Denied" error is logged. Various sync policy options can be set to handle these errors.
When an item sync attempt receives an access-denied error from the CRM, the item is not synced to the CRM. The item is not updated in the CRM to reflect the change that was made by the user.
Subsequent changes that are made to the item in the CRM overwrite any changes made by the user.
Many access control restrictions lock changes against meetings or contacts so that only the item Owner can delete or modify the item.
In those cases, the process flow would look something like this:
FOR THIS EXAMPLE, in Sugar, the users' access control listing would look like:
For all data to sync properly, confirm that the user is part of the appropriate teams and permissions outlined below. All organizations have different security models that can be modified.