
I have an application running out of my Oracle-based IdM system that updates group membership. This process broke down due to the process using an OAUTH2-based authentication. I have created a new app that uses different auth, and now we can read all the groups and group members. However, when we try to add a group member, we get:

403 - access_denied_insufficient_permissions - Access denied - insufficient permission

This is from an Oracle PL/SQL app, using the APEX_WEB_SERVICE.MAKE_REST_REQUEST function. The same one that we used to get the list of groups and have been using for 10 years to create users and groups. The app gets a token (if needed - tracks the expiration date in the database), and makes the request. It also logs the token, URL and request body. If I copy and paste these values into Postman and POST it, it works fine - same token, same URL, same body.

I expect I am missing (or including) some header or cookie, or some other magic, in the API call, which causes the failure. Unfortunately, my recent tests are still within the 48-hour window of the Diagnostic report. I have also updated my ticket with customer service to include the request ID of both the working and failing requests, but perhaps they are also stuck behind the 48-hour report window.

Turns out my request was turning notifications off.  This requires additional permissions.  Unfortunately, the original error message that references notification access was being replaced by the more generic message listed above.

BOX Customer support was able to help identify this issue. However, more recent attempts to allow my app to turn notifications off have resulted in a different error - “500 - Internal Server Error” - so back to CS to get that ironed out.

