403 Error

Question

403 Error

Hello,

I continually get this error when trying to edit a group's calendar in iCal:

Access to "Daily Planet" in "Post Sound 6" in account "Post Sound" is not permitted.

The server responded:
"HTTP/1.1 403 Forbidden"
to operation CalDAVScheduleEventQueueableOperation.

The operations are completed, as the data is actually being saved in the calendar and syncable from other workstations, but it is a frustrating error message. Has anyone else come across this issue?

Many thanks,
Josh

Powerbook 1.67 G4 (15 Superdrive), XServe Xeon, XRaid, Mac OS X (10.5.1)

Posted on Dec 19, 2007 5:59 AM

Reply

Answer 1

Dec 20, 2007 7:36 AM in response to Joshua Tidsbury

What do you see in the server's /var/log/caldavd/error.log file?

Reply

Answer 2

Dec 20, 2007 8:35 AM in response to Cyrus Daboo

This is what appears in the logs when the error occurs. It seems to be rather intermittent. The most interesting part of the logs is the 'Originator: /principals/groups/ctvpromos/ does not match authorized user: /principals/ _uids_/605BD954-5A83-49A0-B7C6-0F7EA56E6D7B/' part. Permissions issue perhaps?

Thanks,
Josh

2007-12-20 11:31:52-0500 [-] [caldav-8009] [-] Writing to file /Library/CalendarServer/Documents/calendars/groups/ctvpromos/calendar/F1907ED3- 5811-4F00-AFC3-9C7F08C48662.ics
2007-12-20 11:31:56-0500 [-] [caldav-8009] [AMP,client] PUT /calendars/groups/ctvpromos/calendar/F1907ED3-5811-4F00-AFC3-9C7F08C48662.ics HTTP/1.1
2007-12-20 11:31:56-0500 [-] [caldav-8009] [-] Writing to file /Library/CalendarServer/Documents/calendars/groups/ctvpromos/calendar/F1907ED3- 5811-4F00-AFC3-9C7F08C48662.ics
2007-12-20 11:32:23-0500 [-] [caldav-8009] [AMP,client] POST /calendars/groups/ctvpromos/outbox/ HTTP/1.1
2007-12-20 11:32:23-0500 [-] [caldav-8009] [AMP,client] 'Originator: /principals/groups/ctvpromos/ does not match authorized user: /principals/ _uids_/605BD954-5A83-49A0-B7C6-0F7EA56E6D7B/'
2007-12-20 11:32:27-0500 [-] [caldav-8009] [AMP,client] PUT /calendars/groups/ctvpromos/calendar/F1907ED3-5811-4F00-AFC3-9C7F08C48662.ics HTTP/1.1
2007-12-20 11:32:27-0500 [-] [caldav-8009] [-] Writing to file /Library/CalendarServer/Documents/calendars/groups/ctvpromos/calendar/F1907ED3- 5811-4F00-AFC3-9C7F08C48662.ics
2007-12-20 11:32:30-0500 [-] [caldav-8009] [AMP,client] POST /calendars/groups/ctvpromos/outbox/ HTTP/1.1
2007-12-20 11:32:30-0500 [-] [caldav-8009] [AMP,client] 'Originator: /principals/groups/ctvpromos/ does not match authorized user: /principals/ _uids_/605BD954-5A83-49A0-B7C6-0F7EA56E6D7B/'

Reply

Answer 3

Dec 20, 2007 3:19 PM in response to Joshua Tidsbury

I had the same issue. Then I read this post, http://discussions.apple.com/thread.jspa?messageID=6049520 scroll down to Patrick Gibson's response.

I created my own user calendar account through Preferences/Accounts not the standard Home, Work, etc. Once I did that I could see the other calendars accounts that I had given myself access to ( our Group Calendar), I clicked on Show and then I was able to see the shared calendar, send invites, accept invites etc. I too was trying to do it by making the shared calendar it's own account not a delegated calendar to my account.

One thing seems weird. If someone sends me an invite from the shared calendar then it comes to my personal calendar and I end up with two graphics for the event. It kind of makes sense because it is blocking out time on my personal calendar and I am also looking at the shared calendar. It just seems clunky.

hope it helps

Reply

Answer 4

Dec 20, 2007 6:22 PM in response to Dan Gardner

Thanks Dan,

I actually spoke to an Apple tech today. Was calling about something else and brought this one up. After he spoke to the engineers for a bit, he came back with the disappointing response that group calendars were never meant to be edited and viewed in iCal. They are only supposed to be Wiki/online calendars, and the fact that they are being edited in iCal is outside of the design of the system. The resulting permissions issues are therefore likely due to conflicts between the OD saying that users should have access, and the web system suggesting that they should not.

My response was that it was ridiculous and a serious design flaw if groups aren't able to effectively host multiple calendars that are accessible with iCal. The suggestion will hopefully be taken into consideration in future updates.

In the interim, the delegation of the calendars does appear to circumvent the permissions issue. It's ugly, and a serious pain if you have a large group for whom you wish all to have access to the calendar, but I believe it is the only way that I can get to work for me at the moment.

Thanks for pointing out that post Dan!

Take care,
Josh

Reply

Answer 5

Jan 2, 2008 7:30 AM in response to Joshua Tidsbury

The way things are setup you are not authorized to do scheduling operations with that group. At some point you must have created an event with some attendees on the group calendar and iCal is attempting to send the scheduling message to those attendees, but the server is denying that operation.

Reply

Answer 6

Jan 2, 2008 12:40 PM in response to Cyrus Daboo

Thanks Cyrus. I actually spoke to tech support about this issue, and after speaking with the engineers, I was told that the system was never meant to work this way... that the group calendars are only meant to be used as wiki based calendars, not within iCal. The permissions simply won't support this implementation. However, if you add users as delegates to the group calendar, it will circumvent the permissions (403) error, and will work fine for now.

I hope they come up with a better solution than this in a future update, but despite the headaches, this will work for the time being.

Reply