OakAccess0000: Access denied

ERROR :-   OakAccess0000: Access denied

We often observe while doing the AEM development or in live running environment we get the error code  OakAccess0000 , while running a workflow or any asset upload. 

This impact the business as content author are unable to upload any content. 

Error stack trace :-

Javax.jcr.AccessDeniedException: OakAccess0000: Access denied

 at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:232) [org.apache.jackrabbit.oak-api:1.10.6]

 at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:213) [org.apache.jackrabbit.oak-api:1.10.6]

 at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:669) [org.apache.jackrabbit.oak-jcr:1.10.6]

 at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:495) [org.apache.jackrabbit.oak-jcr:1.10.6]

 at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:424) [org.apache.jackrabbit.oak-jcr:1.10.6]

 at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:273) [org.apache.jackrabbit.oak-jcr:1.10.6]

 at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:421) [org.apache.jackrabbit.oak-jcr:1.10.6]

 at com.adobe.granite.repository.impl.CRX3SessionImpl.save(CRX3SessionImpl.java:208) [com.adobe.granite.repository:1.6.28]

 --

 --

 --

 Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccess0000: Access denied

 at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.checkPermissions(PermissionValidator.java:239) [org.apache.jackrabbit.oak-core:1.10.6]

 at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.propertyAdded(PermissionValidator.java:108) [org.apache.jackrabbit.oak-core:1.10.6]

Solution :- 

This error is due to workflow service user which AEM uses to run the workflows. To get the issue resolved you need to take the following action - 

1. Search for the workflow-service user  form user  admin. 

2. Assign the admin privileges to workflow-service user. /etc, /content..etc

3. Upload the images and observe the log files. Your issue will be resolved.