Skip to main content

Access and permission issues

This page covers common access and permission problems, with steps to diagnose and resolve them.

"Access denied" on login

When users cannot log in or receive "Access denied" after entering credentials:

  1. Check account status - verify the user account is active (not deactivated) in the Users list
  2. Check workspace membership - the user must be a participant in the workspace they are trying to access
  3. Clear browser cookies - stale session cookies can cause repeated login failures. Ask the user to clear cookies for the Comind.work domain and try again
  4. Check SSO configuration - if using Single Sign-On, verify the SSO provider is correctly configured and the user's identity maps to their Comind.work account
  5. Check for multiple login attempts - some configurations may temporarily lock accounts after repeated failed attempts

User cannot see certain records

When a user reports they cannot see records that others can see:

  1. Check record permissions - open the record and review the Permissions field. It may be set to "Limited" with specific users/groups
  2. Check group membership - verify the user belongs to the correct groups. Navigate to the Groups app in the workspace to review membership
  3. Check app-level permissions - some apps restrict visibility based on group membership. Review app permissions in workspace admin settings
  4. Check field-level permissions - individual fields may be hidden from certain groups. A user might see the record but not all of its fields

User cannot edit or perform actions

When a user can view records but cannot edit fields or perform state transitions:

  1. Check action preconditions - some actions (like "Reopen" or "Close") require the user to be in a specific group (e.g., Supervisors)
  2. Check field editability - fields can be configured as read-only for certain groups
  3. Check record state - some fields become read-only in certain states (e.g., closed records may not be editable)

New user cannot access the system

When a newly invited user reports problems:

  1. Check invitation email - verify the user received and followed the invitation link
  2. Check account activation - the user must complete account activation (set password or connect SSO)
  3. Verify workspace membership - confirm the user was added as a participant to the correct workspace(s)
  4. Check group assignment - new users may need to be added to specific groups to see apps and records