Troubleshooting Access Denied messages

Security Requirements
Client computer privileges
All users require the following minimum privileges on their own computers:
  • Membership in the Administrators group to install the Meridian software. See the following Note.
  • Internet Explorer security settings as described in the BlueCielo Meridian Enterprise User's Guide.
  • Internet Explorer security settings enabled for the Local Intranet zone to download, register, and activate DLLs and ActiveX components that might be required by PowerUser extensions. See the following Note.
  • Read access to C:\Program Files\BC-Meridian
  • Read access to C:\Program Files\Common Files\Cyco Shared
  • Read access to C:\Program Files\Common Files\Autodesk Shared
  • Read access to C:\Windows\System32
  • Read and Write access to the C:\BC-Workspace folder. They must also have full access to the sub-folder that matches their user name. At MSU this folder is C:\ProgramData\BC-Workspace.
  • Modify access to the folder specified by the Windows TEMP system variable.
Note Ideally, users should be a member of either the Administrators or Power Users group of their own computer, unless read/write access has been granted for a lower group for which the user is a member. If this is prohibited by your organization’s security policy, an alternate method for installing the software and deploying extensions must be used. Common alternatives include manual installation performed by a system administrator or using a centralized application deployment system such as Microsoft Systems Management Server (SMS).
Application server privileges

All users require the following minimum privileges on the application server:
  • Read access to <drive>:\Program Files\BC-Meridian\Program
  • Read access to the shared folder BC-Meridian Extensions (AMM3EXT$)
  • All users must be members of a valid local or domain group that is granted access to the Meridian server.
  • No access to <drive>:\BC- Meridian Vaults.
Warning We recommend that access to the vault folder be granted to members of the Administrators group and the local system accounts only. The Meridian document files are stored in this folder and any unauthorized modifications, movements, or deletions would be extremely dangerous.

User receives a key icon at the root of the vault or on a particular folder
The user does not have access to this vault or folder.  They will need to be added to an appropriate Domain group that has already been assigned a role in the vault.  Once the user is added to the group they need to logout and log back in to pick up their new membership.  If they still do not have access then it is likely that the AutoManager EDM Server service will need to be restarted to force the evaluation of the security group changes.  Beware that this will cause all users to lose connection the the vaults and it should only be done at a scheduled time or off hours.
User receives an Access Denied error when opening the vault
This is usually because the user does not have the necessary rights for the system to manage their workspace folder.  At MSU the folder is C:\ProgramData\BC-Workspace.  This folder will contain usernames for each user that has used that client. Under that folder will be a folder by the name of the vault being connected.  In the case of a new user then it’s probably safe to delete the vault’s folder and then try to reopen the vault again.  The system will then recreate the folder structure and files necessary to work.  It may be dangerous to remove these folders if Local Workspace (LWS) is being used in your environment.  These folders may contain documents being worked on by a user and they may not have sync’d with the server at the time.
User receives an “RPC Server Unavailable” error or no vaults are listed when trying to browse to a vault
This usually means that there is something wrong with the communication between the user and the server.  This could be that the server/service was shut down while the user was in the application.   It could be that there is an issue with the RPC port (TCP 135).  It could mean that the user does not have the ability to remote launch or remote activate applications or activate objects on the server.  This is managed in Component Services in the COM Security tab (properties of my computer).  It could also be that a firewall is blocking related ports.

Add Feedback