Some Users Cannot Access the Process Viewer from the Task List Web Part

Symptoms

When some users click the icon for the Process Viewer in the Task List web part, the browser displays a Windows authentication/login dialog. When the user enters their Username and Password in the dialog and clicks OK, the same dialog often appears again. After completing the dialog several times (usually 3), the dialog stops appearing but the Process Viewer is not displayed.   This behavior only occurs when the user(s) click the icon for the Process Viewer in the Task List web part. When the same user(s) clicks the icon or link for the Process Viewer from within the SharePoint library, the Process Viewer displays normally.

Cause

This problem typically occurs when the affected user(s) have been granted access to the SharePoint team site(s) containing the workflow-enabled library the task is associated with, but have not been granted access to the top-level (i.e. root) SharePoint team site for the same SharePoint virtual server. This is because the Task List web part uses a Process Viewer link that is relative to the top-level SharePoint team site associated with the SharePoint virtual server that AgilePoint SharePoint Integration is associated with, while the library's icon uses a Process Viewer link that is relative to the SharePoint team site that contains the library.   For example, if a task is associated with a library "mylibrary" (located at "http://myserver/sites/mysite/mylibrary/"), the View Process icon in the library's All Items view would be associated with a URL similar to the following:

http://myserver/sites/mysite/_layouts/AP/ProcessViewer.aspx?FileName=32e750c8bc3243199896b96a4617e93b

The View Process icon displayed in the Task List web part for a similar task would be associated with a URL similar to the following:

javascript:showProcess(" http://myserver/_layouts/AP/ProcessViewer.aspx?FileName=4199e49e144c46fcb8cfa72380a75d44&Time=632824374651267118 ") Since the library's icon uses a link relative to http://myserver/sites/mysite/  while the web part's icon uses a link relative to http://myserver/ , the user will be authenticated against different team sites depending upon which icon the user clicked. Since SharePoint allows a user's access rights/permissions to be configured separately for different team sites, this means that a given user may have sufficient security privileges to use one type of icon, but not the other.

Resolution

The problem described above can usually be resolved simply be giving the affected user(s) sufficient access rights to view the SharePoint virtual server's top-level site. This can be done by a SharePoint administrator.  

This behavior is by-design. Access to certain SharePoint libraries is often restricted to certain users or groups in order to make sure that only those users can view and/or modify the contents of the library. However, users that do not have access to a given library (or it's documents) may still be assigned as a participant for a task associated with a document in the library. Such a user would need to be able to perform the work associated with the task assigned to them, even though they may intentionally be restricted from accessing the library and/or team site that contains the document. In such a situation, the user only needs to be granted access to the SharePoint virtual server's top-level site. (If the Task List web part does not reside in the top-level site, the user would also need access to whatever page/site contains the web part).