The "Update Machine Custom Properties" Catalog Item Fails with 403 Forbidden Error in Aria Automation
search cancel

The "Update Machine Custom Properties" Catalog Item Fails with 403 Forbidden Error in Aria Automation

book

Article ID: 376276

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

  • This article addresses a scenario where an Aria Automation user encounters a 403 Forbidden error when running the "Update Machine Custom Properties" Catalog item in Aria Automation. 
  • Despite having seemingly sufficient roles (Service Broker Administrator, User, and Orchestrator Workflow Designer), the user experiences below error.
    • Error occurred ("message "forbidden","status Code 403, "errorCode" 0, "serverErrorId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","documentkind "com:vmware:xenon:common:ServiceErrorResponse") (Dynamic Script Module name: createMachineCustomProperties#9)

Environment

  • Aria Automation version 8.x

Cause

  • Insufficient Permissions: The "Update Machine Custom Properties" functionality requires the Cloud Assembly Administrator role, which the user lacks. The existing roles don't grant the necessary permissions for the Catalog item or the underlying API call.
  • The API which the action calls is: PATCH on /iaas/api/machines not allowed for user /provisioning/auth/csp/users/<username>

Resolution

  • Grant Appropriate Permissions: Assigning the Cloud Assembly Administrator role directly addresses the permission issue but grants extensive permissions. Only consider this if the user's job function absolutely requires full administrative access.
Powered by Wolken Software