10/10/2022 06:37 AM
Hi,
Should it be possible to access the EIC REST API as a user that doesn't have the ROLE_ADMIN SAV Role?
I only want the user to be able to list users, create users, and update users. If I give the user the ROLE_ADMIN SAV role it works, everything else I've tried fails with a "403 – Forbidden" error. (Note: Authentication works and I can get the access token; it is on subsequent requests that I get a 403 error.)
In the end I copied the ROLE_ADMIN role exactly and gave this to the user but it still doesn't work.
I also tried setting the "Restrict API access based on SAV Role" settings under "API Configurations" to TRUE then FALSE but this didn't make any difference. (I'm not sure what this setting is even supposed to do.)
10/10/2022 10:19 AM
You can create a custom SAV Role with the required Web Service Access.
If you have already created one, please share a screenshot of the access added.
10/12/2022 01:22 AM
I had already added all 323 entries and it still didn't work. Screenshot showing all 323 entries and pop-up showing there are no more I can add:
When I authenticate to the API I can see the user has the right role (ROLE_ADMIN -COPY):
The first entry I can see in the logs is the 403 response:
2022-10-12T08:19:46.324304647Z stdout F 212.229.164.165 - - [12/Oct/2022:08:19:46 +0000] "GET /ECM/api/v5/user?q=accountExpired:0 HTTP/1.1" 403 431 "-" "PostmanRuntime/7.29.2" 2793 0.008 [default-ecm-8080] [] 192.86.0.93:8080 431 0.008 403 e0c3b42ce389bba7df00dd4d025e2168
10/12/2022 02:51 AM
Try keeping only one custom role on the user.
10/12/2022 02:57 AM
Same error with:
This is the response I get in Postman:
<!doctype html><html lang="en"><head><title>HTTP Status 403 – Forbidden</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1></body></html>
10/12/2022 03:02 AM
Please share the transport zip.
I know web access APIs are not exported, but I need to validate.
10/12/2022 06:40 AM - edited 10/12/2022 06:41 AM
10/31/2022 08:14 AM
This has sorted itself out. It looks like there might be some caching going on as it suddenly started working, then when I changed the "Web Service Access" list the changes didn't take effect until an application reset.
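
The access-log line quoted earlier in the thread matches the default ingress-nginx field order (an assumption based on its layout). The following is an added example, not part of any post or of the product: it parses such lines and reports whether a 403 was returned by the application behind the proxy or by the proxy itself, which separates a role or authorization denial from a gateway rule. The second and third sample lines are constructed.

```python
import re

# Default ingress-nginx access-log layout (assumed), optionally preceded by
# the CRI prefix ("<timestamp> stdout F ") that container runtimes add.
LINE_RE = re.compile(
    r'^(?:\S+ std(?:out|err) [FP] )?'
    r'(?P<client>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<agent>[^"]*)" \d+ [\d.]+ '
    r'\[(?P<backend>[^\]]*)\] \[[^\]]*\] (?P<upstream>\S+) \S+ \S+ '
    r'(?P<upstream_status>\S+) (?P<req_id>\S+)$'
)


def classify(line):
    """Return details of a 403 response, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m or m["status"] != "403":
        return None
    # Upstream status 403: the application refused the request (an
    # authorization decision). "-": the proxy answered without a backend call.
    source = "application" if m["upstream_status"] == "403" else "proxy"
    return {
        "source": source,
        "method": m["method"],
        "path": m["target"].split("?", 1)[0],  # drop the query string
        "upstream": m["upstream"],
        "req_id": m["req_id"],  # correlate with application-side logs
    }


SAMPLE = [
    # Line quoted in the thread.
    '2022-10-12T08:19:46.324304647Z stdout F 212.229.164.165 - - [12/Oct/2022:08:19:46 +0000] "GET /ECM/api/v5/user?q=accountExpired:0 HTTP/1.1" 403 431 "-" "PostmanRuntime/7.29.2" 2793 0.008 [default-ecm-8080] [] 192.86.0.93:8080 431 0.008 403 e0c3b42ce389bba7df00dd4d025e2168',
    # Constructed: 403 produced by the proxy, no upstream contacted.
    '192.0.2.10 - - [12/Oct/2022:08:20:01 +0000] "GET /ECM/api/v5/user HTTP/1.1" 403 146 "-" "curl/7.85.0" 120 0.000 [default-ecm-8080] [] - - - - 0123456789abcdef0123456789abcdef',
    # Constructed: successful request, ignored by classify().
    '192.0.2.10 - - [12/Oct/2022:08:20:05 +0000] "GET /ECM/api/v5/user HTTP/1.1" 200 5120 "-" "curl/7.85.0" 120 0.041 [default-ecm-8080] [] 10.0.0.5:8080 5120 0.041 200 fedcba9876543210fedcba9876543210',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

For the line from the thread this reports `source` as `application`, meaning the 403 was issued by the backend on port 8080 rather than by the ingress.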