Access privilege error for an API user with right endpoints allocated
- Description of the issue: Access privilege error for an API user with PutAccount endpoints allocated
- Account name: Marina Bay Sands Pte Ltd
- Region: APAC
- Client version: 24.3
-
Steps to reproduce:
- Main menu > API user > Note user ‘SailPoint Service Account’ has PutAccount assigned
-
Login and try to run simple API call. Note that it shows error msg User: SailPoint Service Account (SVCPSAILPO) restricted by access privilege: Edit/Add/Delete Accounts By Account Rep
Since this is a API user please advice how can we add this access privilege
Request Body:
{
"Organization": "10",
"AccountCode": "888888",
"Personnel": "I"
}
Observed results vs Expected results: No error should display as the APIuser has access to the PutAccount endpoint
- What is the job the client is trying to accomplish: API call as a use case to update the accounts
- Business impact if not resolved: Normal
- Link to Zendesk ticket:https://ungerboeck.zendesk.com/agent/tickets/359290
- Local v30 URL: https://supportwebsg.ungerboeck.com/MarinaBay_Prod_0784945591_USI_V30/app85.cshtml?ReturnUrl=%2fMarinaBay_Prod_0784945591_USI_V30



-
Rudy Scoggins please advice
-
Anitha, have you tried adding the access privilege from the “Access Privileges” tab on the API User?

-
James is right. Check to make sure your API User has the proper Access Privs.
-
Yes, I tried but unable to add this particular access priv.
-
Hello Rudy Scoggins Please advice if this is a bug? We cant assign from access privilege as this is not a normal user and there is no option from API User window.
Please see the below sample site details if you wish to check :
https://supportwebap.ungerboeck.com/MarinaBay/Prod/app85.cshtml?
usiadmin/ITRocks2014
https://supportwebap.ungerboeck.com/MarinaBay/Prod/api/help/index#/Accounts/Accounts_PutAccount
Key : 235f3587-137a-43fd-8f0c-e0d4c0497fac
ID :SVCPSAILPO
Secret : 1dd38c2b-fcf0-4952-a344-de801d9938c0
Data:
{
"Organization": "10",
"AccountCode": "00104613",
"Personnel": "I"
}
-
Hi Anitha. I took a look. When you say you can't assign the Access Privilege, is it because you cannot see the access privilege management button for the Sailpoint Service Account user?
Normally the API User interface gives you this option:
Inside there, you can select the appropriate access privileges to allow the API User to function as intended. I believe this action has been turned off for the USIAdmin user.
Additionally, if this is supposed to be a full access API User (given by then Service moniker in the name) and you wish to have no access priv blockers, you can uncheck this field that was added in 25.1 if it is available.
Again, I would check to ensure it is not breaking any security rules imposed by the customer to do this.
-
Thank you so much Rudy!!.. Appreciate it !
Yes, this customer seem to have restriction on usiadmin. I have asked them to updated the access privilege as this does not seem to be a bug.
Please sign in to leave a comment.
Comments
7 comments
Date Votes