I'm trying to use the ABAC API's to create a report of all the Roles and permissions for a client, but I can't figure out what I need to do in order to give my API credential access.
When I try to do a get on the /roles endpoint, I get a 403-forbidden with this response:
{
"type": "http://ns.adobe.com/aep/errors/ACL-4031-403",
"title": "“A role is required to perform this operation. Define one of the following roles and try again:org_admin,product_admin.”",
"status": 403,
"report": {
"tenantInfo": {
"sandboxName": "removed",
"sandboxId": "N/A",
"imsOrgId": "removed"
},
"additionalContext": {
"request-id": "removed"
}
},
"error-chain": [
{
"serviceId": "Access Control Service",
"errorCode": "ACL-4031-403",
"invokingServiceId": "N/A",
"unixTimeStampMs": 1683141663172
}
]
}
Does anyone know what I need to do here? Do I need to add my technical account ID as a product admin somehow? The documentation has a note "If a user token is being passed, then the user of the token must have an “org admin” role for the requested org." I'm not really clear on what that means though. Any help is appreciated!
Solved! Go to Solution.
Views
Replies
Total Likes
For those that come across this in the future, the answer to this is that you need to add your Technical Account Email ID associated with your developer project as a Product Admin (or Org Admin) via the Admin Console. I ended up going through Adobe support and their product engineering team pointed me in the right direction.
The other option, is if you as a user are an Org Admin, you can use your bearer token. I tested this by grabbing my bearer token from a network call to the UI.
Hello @derekselby
You should be a system administrator to access this endpoint.
More details on the Admin role are available here: Administrative roles (adobe.com)
Views
Replies
Total Likes
For those that come across this in the future, the answer to this is that you need to add your Technical Account Email ID associated with your developer project as a Product Admin (or Org Admin) via the Admin Console. I ended up going through Adobe support and their product engineering team pointed me in the right direction.
The other option, is if you as a user are an Org Admin, you can use your bearer token. I tested this by grabbing my bearer token from a network call to the UI.
Thank you. Very helpful!
Views
Replies
Total Likes
Views
Likes
Replies