Troubleshooting an Access Denied - Forbidden Error

Access Denied - Forbidden

An Access Denied - Forbidden error indicates that the affected admin's currently-assigned administrator role does not have the necessary permissions to perform the requested action:

WHMCS - Access Denied - Forbidden

To assign the necessary permissions:

1. Go to Configuration > System Settings > Administrator Roles & Permissions or, prior to WHMCS 8.0, Setup > Staff Management > Administrator Roles.

WHMCS - System Settings

2. Edit the administrator role for the affected admin.

3. Check the required permissions to enable them.

4. Click Save Changes.

WHMCS - Administrator Roles

The admin should now be able to perform the requested action successfully.

Access Denied - Forbidden when Logging In As Owner

If an Access Denied - Forbidden error occurs when an admin clicks Login as Owner in a client's profile's Summary tab in the Admin Area and the error does not list any required permissions, perform the following steps:

If the error message does list required permissions, do not perform these steps.

WHMCS - Access Denied - Forbidden

The lack of required permissions in the Access Denied - Forbidden error message indicates that the user who is the client's account owner has not set a password. Normally, all users should always have a set password.

To set a password and resolve this error, use one of the methods below:

Reset the User's Password via Email

To reset the user's password using email:

  1. In the WHMCS Admin Area, go to the client's profile's Users tab.
  2. Find the user with the OWNER badge next to their name and click Password Reset.
  3. Click OK. 

The customer will receive an email that contains a reset link. They can click that link and follow the prompts to create a new password. After the customer has set a new password, the Login as Owner link in the client profile should function normally.

WHMCS - Client Profile
Specify a placeholder password via SQL

If you are able to run SQL commands on the command line, run the following query against the WHMCS MySQL® database to specify a placeholder password:

UPDATE tblusers SET password = 'temppassword' WHERE id = x; 
Click to copy
  • Replace temppassword with a random string.
  • Replace x with the relevant user ID. You can find the user ID at Clients > Manage Users.

After you run this command, the Login as Owner link in the client profile should function normally.

The customer will need to complete the password reset process via email before they will be able to log in.