function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Joel RichardsJoel Richards 

Canvas App Permissions

Hi,
I have a Connected Canvas App that uses a Lifecycle Class - both are part of a managed package. In the OAuth policies I've set the Permitted Users to 'Admin approved users are pre-authorized' and included all the Profiles I require to have access. In those Profiles I've also ticked the App in the Connected App Access section. FYI, the Lifecycle Class doesn't allow profiles security to be set as per other 'normal' apex classes.

When my users who should have access to this App try and run it, the are given the error: 'Oops, there was an error [rendering Force.com Canvas application [App Name]. You don't have permissions to invoke Canvas lifecycle handler (apex class) [Class Name].'

It works for all System Admins and if I give any of these other users System Admin access (temporarily) it will work for them too.

I have the same setup in a different sandbox and it is working just fine.

Has anyone had any similar issues with access tot the Canvas Lifecycle handler class and know what may be wrong?
Best Answer chosen by Joel Richards
Joel RichardsJoel Richards
FYI for any one else that has this problem. As a workaround, I can assign the Lifecycle class to a Permission Set and assign the Permission set to all Users that use the Canvas App. Not sure if this is the expected way of doing this (would have through profile permission should do this) but is at least a current workaround.

All Answers

Joel RichardsJoel Richards
FYI for any one else that has this problem. As a workaround, I can assign the Lifecycle class to a Permission Set and assign the Permission set to all Users that use the Canvas App. Not sure if this is the expected way of doing this (would have through profile permission should do this) but is at least a current workaround.
This was selected as the best answer
Tim McLaughlinTim McLaughlin
Hi Joel,

I had the same issue earlier.  It looks like you have a work around, however, this may help for any future Connected Apps you install without the need to utilize additional permission sets.

Manage Users > Profiles > (Select Profile you would like to grant access) > Apex Class Access > Edit > Select the appropriate Apex Classes and Save.

-Tim
 
OnlineQOnlineQ
Permission Set didn't help. Apex Class Access did. Thanks!!
Paulie PeñaPaulie Peña
I wasn't able to assign the Canvas lifecycle class (which is in a managed package) to a Profile, so my only option was to assign it to a new Permission Set. Luckily, that worked for me.