CraigRubendall
commented
5 months ago the actual issue here is that the documentation states that for a group permissions tree, the administrator is derived by looking at the permissions on the identity group to associate with this tree and picking the person who has direct writemetadata on the group.
In this case, the customer did not have these permissions set this way on the group, thus when it went to be retrieved, the group admin information was not found and the error occurred.
In this case, that was actually the right thing to do, although the error message should have been better.
The fix is two-fold:
- if we see this situation, throw an ERROR message stating more explicitly what the issue is.
- add the ability for a customer to have their own process for setting the administrative permissions on the tree. To do this, the admin has to set the setOwner=0 parameter to the createPortalGroup macro.
Important NOTE: Regardless of what process is being used to set the administrator on the permissions tree, the administrator MUST be explicitly granted writemetadata on the permissions tree (ie. not through group membership). If this is not followed, this tree will NOT show up in the other screens in the portal app where the admin can save content.
When adding a permission portal tree for a group the following error occur when executing https://github.com/sassoftware/sas-portal-app/blob/main/sas/SASEnvironment/SASCode/Samples/managePortalUsers/add-delete-portal-users/createPortalGroup.sas
ERROR: The object reference to Tree was requested without an identifier.
debug_sasdemo@SAS-AAP_updateItem_SAS-AAP.log