"API-1007: You are not authorized to process request" while creating a new instance of Object via API clients

Article ID: 277394


Products

Clarity PPM On Premise, Clarity PPM SaaS

Issue/Introduction

The error "API-1007: You are not authorized to process request. Contact your system administrator for necessary security rights" is returned when creating a new instance of an object via API clients.

Steps to Reproduce:

  1. Log in to Clarity as Administrator
  2. Create a custom object; let's call it Custom Object 1
  3. Grant the following rights to the administrator user:
    • Custom Object - Navigate
    • Custom Object 1 - Copy
    • Custom Object 1 - Create
    • Custom Object 1 - Delete All
    • Custom Object 1 - Edit All
    • Custom Object 1 - Navigate
    • Custom Object 1 - View All
    • Custom Object 1 - Xog Access
  4. Create an API token with Client ID
  5. Create an instance of Custom Object 1 via the Clarity UI
  6. Create a new custom object; let's call it Custom Object 2
  7. Grant the following rights to the administrator user:
    • Custom Object 2 - Copy
    • Custom Object 2 - Create
    • Custom Object 2 - Delete All
    • Custom Object 2 - Edit All
    • Custom Object 2 - Navigate
    • Custom Object 2 - View All
    • Custom Object 2 - Xog Access
  8. Create an instance of Custom Object 2 via the Clarity UI
  9. Read the Custom Object 2 instance via any API client
  10. Using the POST method, try to create another instance of Custom Object 2

Expected Results: The administrator user, having the above rights, should be able to create the instance using the POST method.

Actual Results: The user gets the error below:

{
    "resourceId": "xxxx",
    "errorMessage": "API-1007 : You are not authorized to process request. Contact your system administrator for necessary security rights.",
    "errorCode": "api.unauthorized"
}

Environment

Clarity 16.2.0

Cause

DE78947

Resolution

  • DE78947 is not a defect; the behavior is working as designed.
  • When an API key is used, it creates a session in Clarity. The session gets the rights associated with the user who owns the API key, as they stand at the moment the session is created. As long as the session is active and Clarity can find it when the API key is used, the rights associated with the session are the rights the user has.
  • If the user is granted ADDITIONAL rights while the API key's session is still active, the API key DOESN'T see those rights.
  • The user must clear the API key session before attempting to create/edit instances of the new custom object:
    • DELETE http://host:port/ppm/rest/v1/auth/logout with Authorization Bearer <API Key>
  • This call closes the API key session. The next time the API key is used, a new session is created with the new rights granted to the user.
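
The sequence above can be automated in an API client. The following is an added example, not Broadcom's code: it sends the POST, and if the response carries the errorCode "api.unauthorized" shown in this article, it closes the API key session through the logout endpoint and retries exactly once. Assumptions: the function names, the resource_path argument (the REST path of the custom object, which this article does not give) and extra_headers (for the Client ID, supplied by the caller) are hypothetical.

```python
import json
import urllib.error
import urllib.request

LOGOUT_PATH = "/ppm/rest/v1/auth/logout"  # endpoint given in the article


def http_send(method, url, headers, body=None):
    """Default transport: returns (status, parsed JSON body or {})."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    try:
        return status, json.loads(raw or b"{}")
    except ValueError:
        return status, {}


def is_stale_rights_error(body):
    # Match on the errorCode from the article's response, not on the HTTP status.
    return isinstance(body, dict) and body.get("errorCode") == "api.unauthorized"


def create_instance(base_url, api_key, resource_path, payload,
                    extra_headers=None, send=http_send):
    """POST once; on api.unauthorized, close the API key session and retry once.

    resource_path and extra_headers are caller-supplied (hypothetical names).
    Returns (status, body, session_was_reset).
    """
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json", **(extra_headers or {})}
    root = base_url.rstrip("/")
    status, body = send("POST", root + resource_path, headers, payload)
    if not is_stale_rights_error(body):
        return status, body, False
    # Rights are fixed when the session is created, so drop the session.
    send("DELETE", root + LOGOUT_PATH, headers)
    # Single retry: a second api.unauthorized means the right is really missing.
    status, body = send("POST", root + resource_path, headers, payload)
    return status, body, True
```

If the retry still returns api.unauthorized, the right is not granted to the key's owner, and the caller should report the error rather than reset the session again.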