I'm trying to use the ABAC API's to create a report of all the Roles and permissions for a client, but I can't figure out what I need to do in order to give my API credential access.
- I as a user, am an AEP Product Admin and manage Permissions thru the UI on a regular basis
- I am a developer for AEP
- I created an API Project and put my technical account ID in the same ABAC Role as my user
https://experienceleague.adobe.com/docs/experience-platform/access-control/abac/abac-api/roles.html?...
When I try to do a get on the /roles endpoint, I get a 403-forbidden with this response:
{
"type": "http://ns.adobe.com/aep/errors/ACL-4031-403",
"title": "“A role is required to perform this operation. Define one of the following roles and try again:org_admin,product_admin.”",
"status": 403,
"report": {
"tenantInfo": {
"sandboxName": "removed",
"sandboxId": "N/A",
"imsOrgId": "removed"
},
"additionalContext": {
"request-id": "removed"
}
},
"error-chain": [
{
"serviceId": "Access Control Service",
"errorCode": "ACL-4031-403",
"invokingServiceId": "N/A",
"unixTimeStampMs": 1683141663172
}
]
}
Does anyone know what I need to do here? Do I need to add my technical account ID as a product admin somehow? The documentation has a note "If a user token is being passed, then the user of the token must have an “org admin” role for the requested org." I'm not really clear on what that means though. Any help is appreciated!
