Unsure about correct permissions/roles/orgs for API application calls #2952
-
Hi, we would like to create a service user for an external service to allow it to make periodic fetches of application details (i.e. via the API). I haven't been able to get the permissions to work correctly - and was wondering if I could get some help. The impression I got was that the 'reporter' role had full visibility across all applications - and so I have created a service user and granted them that role. I then made an API key and attached that user.
I can make API calls to |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 1 reply
-
One guess I had was that it was related to organisations - so I have attempted making the service bot an owner of all the organisations that have applications - but still get forbidden. |
Beta Was this translation helpful? Give feedback.
-
Actually I think I have worked it out - whilst we can use "rems+servicebot@host" when adding users to the API key - doing so will never then pick up the actual roles from the user when that API key is used. When I changed to using the direct user id "auth|asdadsada" in the "set-users" - the permissions are now fixed. The documentation seemed to imply that other user attributes were interchangeable with the user id - is this a documentation misunderstanding or a bug? |
Beta Was this translation helpful? Give feedback.
-
The process is roughly:
With this setup I can get it to work. There is the further possibility to add certain paths to limit the allowed methods. |
Beta Was this translation helpful? Give feedback.
The process is roughly:
With this setup I can get it to work. There is the further possibility to add certain paths to limit the allowed methods.