When performing an operation within the ActiveRoles Server Web Interface instead of 'Access is Denied' message when trying to perform an operation a delegated user has no access to, they get this error instead:
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
In IIS 7 and above, you can control the detailed error messages being sent to the clients. By default, the detailed error messages can be viewed only by browsing the site from the server itself.
But, this is dangerous because detailed errors may contain information about the inner workings of your web-site. You should allow only trusted persons to see the detailed error messages, that's why it is configured by default to be viewable only from the server.
If you want to enable this detailed error message to be shown on the clients as well, then you need to change the setting in the IIS7 manager.
Follow the below steps for the same:
1. Open the IIS manager
2. Select the Website and on its features view, double click on Error Pages.
3. Right click the status code "500" and select the Edit Feature Settings or select the same from the Actions pane (in the right hand side)
4. Select the Detailed errors radio button and click OK
5. Now all client browsers will be able to see the detailed error messages