Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

How to resolve "User 'x' must have 'y' permission" errors encountered while performing staging publication processes

Written By

Isaac Wilson

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

  • Our team would like our staging managers to not be administrators, so we are only providing them with select permissions. However, publication attempts encounter errors such as: 
    ERROR [liferay/background_task-1][EventRemotePropagatorExportImportLifecycleListener:222] Unable to propagate staging lifecycle event to the remote live site
    com.liferay.portal.kernel.security.auth.PrincipalException$MustHavePermission: User 35389 must have EXPORT_IMPORT_LAYOUTS permission for com.liferay.portal.kernel.model.Group 34689
  • Is it possible to know which specific permission needs to be added to this user's role?

Environment

  • DXP 7.0
  • DXP 7.1
  • DXP 7.2
  • DXP 7.3

Resolution

  • This type of error is encountered when a user attempts to perform an action for which they do not have the necessary permissions, as defined in the portal/portlet's resource actions (of which there are two kinds: portlet resources and model resources). Each resource can be applied to four scopes: company, group, group-template, or individual.
  • To better pinpoint the permission needed for the action, we can look at the Liferay source code where the model/portlet resource actions are defined, such as this portal.xml file. Since the warning mentions com.liferay.portal.kernel.model.Group, we can look at the section starting in line 50 (which does include the EXPORT_IMPORT_LAYOUT permission (line 69 within the list)), and deduce based on the portlet-ref section that the permission missing is regarding Group Pages/Site Admin/Site Settings (i.e., a general "group" resource permission (usually found under the "Control Panel" primary section) involving exporting pages within sites).
  • So, to resolve the warnings in the examples above the needed permission can be added in the Live bundle by defining the following permission as a part of this user's role:
    • Control Panel > Sites > Sites > Resource Permissions > Site > Export/Import Pages 

Additional Information

 

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?