Permission issue for the admin account to remove a member from project area using API
Hi All,
Our automation working with APIs to automate removing members of the project areas when a user is terminated from the Organization. We have provided JazzAdmin access for the account which is used to remove the members of the project area and we have tested manually using web client, we are able to remove the members of the project area. But when we are using the API to identify the user and remove the user we see below error. Please let us know what is the difference between deleting manually and API and the cause of the permission error.
EWM server: 7.0.2 SR1
Database: SQL
FYI, we are using below API
Error 403
CRJAZ6053E To complete the 'Project areas' task, you need these permissions: 'You don't have permission to perform the following actions:
Modify collections of team members (modify/members)'
CRJAZ2676I Details about the error were written to the log file. To find this data, search the log file for this identifier: 89f3453a-c8ac-4c8b-8f53-d39f380d74db.
com.ibm.team.process.common.advice.TeamOperationCanceledException: CRJAZ6053E To complete the 'Project areas' task, you need these permissions: 'You don't have permission to perform the following actions:
Modify collections of team members (modify/members)'
Name: Project areas
ID: com.ibm.team.process.server.saveProjectArea
Severity: ERROR
Summary: Permission Denied
Description: You don't have permission to perform the following actions:
Modify collections of team members (modify/members)
Severity: ERROR
CRJAZ6053E To complete the 'Project areas' task, you need these permissions: 'You don't have permission to perform the following actions:
Modify collections of team members (modify/members)'
CRJAZ2676I Details about the error were written to the log file. To find this data, search the log file for this identifier: 89f3453a-c8ac-4c8b-8f53-d39f380d74db.
com.ibm.team.process.common.advice.TeamOperationCanceledException: CRJAZ6053E To complete the 'Project areas' task, you need these permissions: 'You don't have permission to perform the following actions:
Modify collections of team members (modify/members)'
Name: Project areas
ID: com.ibm.team.process.server.saveProjectArea
Severity: ERROR
Summary: Permission Denied
Description: You don't have permission to perform the following actions:
Modify collections of team members (modify/members)
Severity: ERROR
Thanks,
Vinay
One answer
The system behaves as designed. You could have found out by simply trying to perform the same function using the same user in the UI. Just because the user is member of an admin group or has the JazzAdmin repository role, does not mean they can do anything. The user still requires the permissions granted by a role in the project area. Please make sure the admin account you use for this automation has a role in the project area that grants the required permissions to perform the changes the automation user is supposed to do. As a JazzAdmin, the user can grant themselves the required role.
Please note that there is no API like:
Also note, that the API documented here: https://jazz.net/wiki/bin/view/Main/DraftTeamProcessRestApi that might be the API you use is provisional. SQL is also not the name of any database supported by ELM. ELM supports DB2 and Oracle.